@opensaas/stack-core 0.1.7 → 0.4.0

package/src/context/index.ts

@@ -14,6 +14,7 @@ import {
   executeAfterOperation,
   validateFieldRules,
   ValidationError,
+  DatabaseError,
 } from '../hooks/index.js'
 import { processNestedOperations } from './nested-operations.js'
 import { getDbKey } from '../lib/case-utils.js'
@@ -130,6 +131,70 @@ export type ServerActionProps =
   | { listKey: string; action: 'create'; data: Record<string, unknown> }
   | { listKey: string; action: 'update'; id: string; data: Record<string, unknown> }
   | { listKey: string; action: 'delete'; id: string }
+
+/**
+ * Parse Prisma error and convert to user-friendly DatabaseError
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+function parsePrismaError(error: unknown, listConfig: ListConfig<any>): Error {
+  // Check if it's a Prisma error
+  if (
+    error &&
+    typeof error === 'object' &&
+    'code' in error &&
+    'meta' in error &&
+    typeof error.code === 'string'
+  ) {
+    const prismaError = error as { code: string; meta?: { target?: string[] }; message?: string }
+
+    // Handle unique constraint violation
+    if (prismaError.code === 'P2002') {
+      const target = prismaError.meta?.target
+      const fieldErrors: Record<string, string> = {}
+
+      if (target && Array.isArray(target)) {
+        // Get field names from the constraint target
+        for (const fieldName of target) {
+          // Get the field config to get a better label
+          const fieldConfig = listConfig.fields[fieldName]
+          const label = fieldName.charAt(0).toUpperCase() + fieldName.slice(1)
+
+          if (fieldConfig) {
+            fieldErrors[fieldName] = `This ${label.toLowerCase()} is already in use`
+          } else {
+            fieldErrors[fieldName] = `This value is already in use`
+          }
+        }
+
+        // Create a user-friendly general message
+        const fieldLabels = target.map((f) => f.charAt(0).toUpperCase() + f.slice(1)).join(', ')
+        return new DatabaseError(
+          `${fieldLabels} must be unique. The value you entered is already in use.`,
+          fieldErrors,
+          prismaError.code,
+        )
+      }
+
+      return new DatabaseError('A record with this value already exists', {}, prismaError.code)
+    }
+
+    // Handle other Prisma errors - return generic message
+    return new DatabaseError(
+      prismaError.message || 'A database error occurred',
+      {},
+      prismaError.code,
+    )
+  }
+
+  // Not a Prisma error, return as-is if it's already an Error
+  if (error instanceof Error) {
+    return error
+  }
+
+  // Unknown error type
+  return new Error('An unknown error occurred')
+}
+
 /**
  * Create an access-controlled context
  *
@@ -144,21 +209,23 @@ export function getContext<
 >(
   config: TConfig,
   prisma: TPrisma,
-  session: Session,
+  session: Session | null,
   storage?: StorageUtils,
   _isSudo: boolean = false,
 ): {
   db: AccessControlledDB<TPrisma>
-  session: Session
+  session: Session | null
   prisma: TPrisma
   storage: StorageUtils
+  plugins: Record<string, unknown>
   serverAction: (props: ServerActionProps) => Promise<unknown>
   _isSudo: boolean
   sudo: () => {
     db: AccessControlledDB<TPrisma>
-    session: Session
+    session: Session | null
     prisma: TPrisma
     storage: StorageUtils
+    plugins: Record<string, unknown>
     serverAction: (props: ServerActionProps) => Promise<unknown>
     sudo: () => unknown
     _isSudo: boolean
@@ -196,6 +263,7 @@ export function getContext<
         )
       },
     },
+    plugins: {}, // Will be populated with plugin runtime services
     _isSudo,
   }
 
@@ -213,29 +281,107 @@ export function getContext<
     }
   }
 
+  // Execute plugin runtime functions and populate context.plugins
+  // Use _plugins (sorted by dependencies) if available, otherwise fall back to plugins array
+  const pluginsToExecute = config._plugins || config.plugins || []
+  for (const plugin of pluginsToExecute) {
+    if (plugin.runtime) {
+      try {
+        context.plugins[plugin.name] = plugin.runtime(context)
+      } catch (error) {
+        console.error(`Error executing runtime for plugin "${plugin.name}":`, error)
+        // Continue with other plugins even if one fails
+      }
+    }
+  }
+
   // Generic server action handler with discriminated union for type safety
-  async function serverAction(props: ServerActionProps): Promise<unknown> {
+  // Returns a result object instead of throwing to work properly in Next.js production
+  async function serverAction(
+    props: ServerActionProps,
+  ): Promise<
+    | { success: true; data: unknown }
+    | { success: false; error: string; fieldErrors?: Record<string, string> }
+  > {
     const dbKey = getDbKey(props.listKey)
+    const listConfig = config.lists[props.listKey]
+
+    if (!listConfig) {
+      return {
+        success: false,
+        error: `List "${props.listKey}" not found in configuration`,
+      }
+    }
+
     const model = db[dbKey] as {
       create: (args: { data: Record<string, unknown> }) => Promise<unknown>
       update: (args: { where: { id: string }; data: Record<string, unknown> }) => Promise<unknown>
       delete: (args: { where: { id: string } }) => Promise<unknown>
     }
 
-    if (props.action === 'create') {
-      return await model.create({ data: props.data })
-    } else if (props.action === 'update') {
-      return await model.update({
-        where: { id: props.id },
-        data: props.data,
-      })
-    } else if (props.action === 'delete') {
-      return await model.delete({
-        where: { id: props.id },
-      })
-    }
+    try {
+      let result: unknown = null
+
+      if (props.action === 'create') {
+        result = await model.create({ data: props.data })
+      } else if (props.action === 'update') {
+        result = await model.update({
+          where: { id: props.id },
+          data: props.data,
+        })
+      } else if (props.action === 'delete') {
+        result = await model.delete({
+          where: { id: props.id },
+        })
+      }
+
+      // Check for access denial (null return from access-controlled operations)
+      if (result === null) {
+        return {
+          success: false,
+          error: 'Access denied or operation failed',
+        }
+      }
 
-    return null
+      return {
+        success: true,
+        data: result,
+      }
+    } catch (error) {
+      // Handle ValidationError (has fieldErrors)
+      if (error instanceof ValidationError) {
+        return {
+          success: false,
+          error: error.message,
+          fieldErrors: error.fieldErrors,
+        }
+      }
+
+      // Handle DatabaseError (has fieldErrors)
+      if (error instanceof DatabaseError) {
+        return {
+          success: false,
+          error: error.message,
+          fieldErrors: error.fieldErrors,
+        }
+      }
+
+      // Parse and convert Prisma errors to user-friendly DatabaseError
+      const dbError = parsePrismaError(error, listConfig)
+      if (dbError instanceof DatabaseError) {
+        return {
+          success: false,
+          error: dbError.message,
+          fieldErrors: dbError.fieldErrors,
+        }
+      }
+
+      // Generic error fallback
+      return {
+        success: false,
+        error: dbError.message,
+      }
+    }
   }
 
   // Sudo function - creates a new context that bypasses access control
@@ -249,6 +395,7 @@ export function getContext<
     session,
     prisma,
     storage: context.storage,
+    plugins: context.plugins,
     serverAction,
     sudo,
     _isSudo,
@@ -260,7 +407,8 @@ export function getContext<
  */
 function createFindUnique<TPrisma extends PrismaClientLike>(
   listName: string,
-  listConfig: ListConfig,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+  listConfig: ListConfig<any>,
   prisma: TPrisma,
   context: AccessContext<TPrisma>,
   config: OpenSaasConfig,
@@ -346,7 +494,8 @@ function createFindUnique<TPrisma extends PrismaClientLike>(
  */
 function createFindMany<TPrisma extends PrismaClientLike>(
   listName: string,
-  listConfig: ListConfig,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+  listConfig: ListConfig<any>,
   prisma: TPrisma,
   context: AccessContext<TPrisma>,
   config: OpenSaasConfig,
@@ -443,7 +592,8 @@ function createFindMany<TPrisma extends PrismaClientLike>(
  */
 function createCreate<TPrisma extends PrismaClientLike>(
   listName: string,
-  listConfig: ListConfig,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+  listConfig: ListConfig<any>,
   prisma: TPrisma,
   context: AccessContext<TPrisma>,
   config: OpenSaasConfig,
@@ -563,7 +713,8 @@ function createCreate<TPrisma extends PrismaClientLike>(
  */
 function createUpdate<TPrisma extends PrismaClientLike>(
   listName: string,
-  listConfig: ListConfig,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+  listConfig: ListConfig<any>,
   prisma: TPrisma,
   context: AccessContext<TPrisma>,
   config: OpenSaasConfig,
@@ -717,7 +868,8 @@ function createUpdate<TPrisma extends PrismaClientLike>(
  */
 function createDelete<TPrisma extends PrismaClientLike>(
   listName: string,
-  listConfig: ListConfig,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+  listConfig: ListConfig<any>,
   prisma: TPrisma,
   context: AccessContext<TPrisma>,
 ) {
@@ -800,7 +952,8 @@ function createDelete<TPrisma extends PrismaClientLike>(
  */
 function createCount<TPrisma extends PrismaClientLike>(
   listName: string,
-  listConfig: ListConfig,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+  listConfig: ListConfig<any>,
   prisma: TPrisma,
   context: AccessContext<TPrisma>,
 ) {

package/src/context/nested-operations.ts

@@ -61,7 +61,8 @@ function isRelationshipField(fieldConfig: FieldConfig | undefined): boolean {
  */
 async function processNestedCreate(
   items: Record<string, unknown> | Array<Record<string, unknown>>,
-  relatedListConfig: ListConfig,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+  relatedListConfig: ListConfig<any>,
   context: AccessContext,
   config: OpenSaasConfig,
 ): Promise<Record<string, unknown> | Array<Record<string, unknown>>> {
@@ -69,15 +70,17 @@ async function processNestedCreate(
 
   const processedItems = await Promise.all(
     itemsArray.map(async (item) => {
-      // 1. Check create access
-      const createAccess = relatedListConfig.access?.operation?.create
-      const accessResult = await checkAccess(createAccess, {
-        session: context.session,
-        context,
-      })
+      // 1. Check create access (skip if sudo mode)
+      if (!context._isSudo) {
+        const createAccess = relatedListConfig.access?.operation?.create
+        const accessResult = await checkAccess(createAccess, {
+          session: context.session,
+          context,
+        })
 
-      if (accessResult === false) {
-        throw new Error('Access denied: Cannot create related item')
+        if (accessResult === false) {
+          throw new Error('Access denied: Cannot create related item')
+        }
       }
 
       // 2. Execute list-level resolveInput hook
@@ -151,49 +154,52 @@ async function processNestedCreate(
 async function processNestedConnect(
   connections: Record<string, unknown> | Array<Record<string, unknown>>,
   relatedListName: string,
-  relatedListConfig: ListConfig,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+  relatedListConfig: ListConfig<any>,
   context: AccessContext,
   prisma: unknown,
 ): Promise<Record<string, unknown> | Array<Record<string, unknown>>> {
   const connectionsArray = Array.isArray(connections) ? connections : [connections]
 
-  // Check update access for each item being connected
-  for (const connection of connectionsArray) {
-    // Access Prisma model dynamically - required because model names are generated at runtime
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    const model = (prisma as any)[getDbKey(relatedListName)]
+  // Check update access for each item being connected (skip if sudo mode)
+  if (!context._isSudo) {
+    for (const connection of connectionsArray) {
+      // Access Prisma model dynamically - required because model names are generated at runtime
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const model = (prisma as any)[getDbKey(relatedListName)]
 
-    // Fetch the item to check access
-    const item = await model.findUnique({
-      where: connection,
-    })
+      // Fetch the item to check access
+      const item = await model.findUnique({
+        where: connection,
+      })
 
-    if (!item) {
-      throw new Error(`Cannot connect: Item not found`)
-    }
+      if (!item) {
+        throw new Error(`Cannot connect: Item not found`)
+      }
 
-    // Check update access (connecting modifies the relationship)
-    const updateAccess = relatedListConfig.access?.operation?.update
-    const accessResult = await checkAccess(updateAccess, {
-      session: context.session,
-      item,
-      context,
-    })
+      // Check update access (connecting modifies the relationship)
+      const updateAccess = relatedListConfig.access?.operation?.update
+      const accessResult = await checkAccess(updateAccess, {
+        session: context.session,
+        item,
+        context,
+      })
 
-    if (accessResult === false) {
-      throw new Error('Access denied: Cannot connect to this item')
-    }
+      if (accessResult === false) {
+        throw new Error('Access denied: Cannot connect to this item')
+      }
 
-    // If access returns a filter, check if item matches
-    if (typeof accessResult === 'object') {
-      // Simple field matching
-      for (const [key, value] of Object.entries(accessResult)) {
-        if (typeof value === 'object' && value !== null && 'equals' in value) {
-          if (item[key] !== (value as Record<string, unknown>).equals) {
+      // If access returns a filter, check if item matches
+      if (typeof accessResult === 'object') {
+        // Simple field matching
+        for (const [key, value] of Object.entries(accessResult)) {
+          if (typeof value === 'object' && value !== null && 'equals' in value) {
+            if (item[key] !== (value as Record<string, unknown>).equals) {
+              throw new Error('Access denied: Cannot connect to this item')
+            }
+          } else if (item[key] !== value) {
             throw new Error('Access denied: Cannot connect to this item')
           }
-        } else if (item[key] !== value) {
-          throw new Error('Access denied: Cannot connect to this item')
         }
       }
     }
@@ -209,7 +215,8 @@ async function processNestedConnect(
 async function processNestedUpdate(
   updates: Record<string, unknown> | Array<Record<string, unknown>>,
   relatedListName: string,
-  relatedListConfig: ListConfig,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+  relatedListConfig: ListConfig<any>,
   context: AccessContext,
   config: OpenSaasConfig,
   prisma: unknown,
@@ -231,16 +238,18 @@ async function processNestedUpdate(
         throw new Error('Cannot update: Item not found')
       }
 
-      // Check update access
-      const updateAccess = relatedListConfig.access?.operation?.update
-      const accessResult = await checkAccess(updateAccess, {
-        session: context.session,
-        item,
-        context,
-      })
+      // Check update access (skip if sudo mode)
+      if (!context._isSudo) {
+        const updateAccess = relatedListConfig.access?.operation?.update
+        const accessResult = await checkAccess(updateAccess, {
+          session: context.session,
+          item,
+          context,
+        })
 
-      if (accessResult === false) {
-        throw new Error('Access denied: Cannot update related item')
+        if (accessResult === false) {
+          throw new Error('Access denied: Cannot update related item')
+        }
       }
 
       // Execute list-level resolveInput hook
@@ -313,7 +322,8 @@ async function processNestedUpdate(
 async function processNestedConnectOrCreate(
   operations: Record<string, unknown> | Array<Record<string, unknown>>,
   relatedListName: string,
-  relatedListConfig: ListConfig,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+  relatedListConfig: ListConfig<any>,
   context: AccessContext,
   config: OpenSaasConfig,
   prisma: unknown,
@@ -331,30 +341,32 @@ async function processNestedConnectOrCreate(
         config,
       )
 
-      // Check access for the connect portion (try to find existing item)
-      try {
-        // Access Prisma model dynamically - required because model names are generated at runtime
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        const model = (prisma as any)[getDbKey(relatedListName)]
-        const existingItem = await model.findUnique({
-          where: opRecord.where,
-        })
-
-        if (existingItem) {
-          // Check update access for connection
-          const updateAccess = relatedListConfig.access?.operation?.update
-          const accessResult = await checkAccess(updateAccess, {
-            session: context.session,
-            item: existingItem,
-            context,
+      // Check access for the connect portion (try to find existing item) (skip if sudo mode)
+      if (!context._isSudo) {
+        try {
+          // Access Prisma model dynamically - required because model names are generated at runtime
+          // eslint-disable-next-line @typescript-eslint/no-explicit-any
+          const model = (prisma as any)[getDbKey(relatedListName)]
+          const existingItem = await model.findUnique({
+            where: opRecord.where,
           })
 
-          if (accessResult === false) {
-            throw new Error('Access denied: Cannot connect to existing item')
+          if (existingItem) {
+            // Check update access for connection
+            const updateAccess = relatedListConfig.access?.operation?.update
+            const accessResult = await checkAccess(updateAccess, {
+              session: context.session,
+              item: existingItem,
+              context,
+            })
+
+            if (accessResult === false) {
+              throw new Error('Access denied: Cannot connect to existing item')
+            }
           }
+        } catch {
+          // Item doesn't exist, will use create (already processed)
         }
-      } catch {
-        // Item doesn't exist, will use create (already processed)
       }
 
       return {