@opensaas/stack-core 0.12.1 → 0.14.0

package/dist/context/index.js

@@ -1,5 +1,5 @@
 import { checkAccess, mergeFilters, filterReadableFields, filterWritableFields, buildIncludeWithAccessControl, } from '../access/index.js';
-import { executeResolveInput, executeValidateInput, executeBeforeOperation, executeAfterOperation, validateFieldRules, ValidationError, DatabaseError, } from '../hooks/index.js';
+import { executeResolveInput, executeValidate, executeBeforeOperation, executeAfterOperation, validateFieldRules, ValidationError, DatabaseError, } from '../hooks/index.js';
 import { processNestedOperations } from './nested-operations.js';
 import { getDbKey } from '../lib/case-utils.js';
 /**
@@ -8,13 +8,15 @@ import { getDbKey } from '../lib/case-utils.js';
  */
 async function executeFieldResolveInputHooks(
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
-data, fields, operation, context, listKey, 
+inputData, 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+resolvedData, fields, operation, context, listKey, 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 item) {
-    const result = { ...data };
-    for (const [fieldName, fieldConfig] of Object.entries(fields)) {
+    let result = { ...resolvedData };
+    for (const [fieldKey, fieldConfig] of Object.entries(fields)) {
         // Skip if field not in data
-        if (!(fieldName in result))
+        if (!(fieldKey in result))
             continue;
         // Skip if no hooks defined
         if (!fieldConfig.hooks?.resolveInput)
@@ -23,42 +25,134 @@ item) {
         // Type assertion is safe here because hooks are typed correctly in field definitions
         // and we're working with runtime values that match those types
         const transformedValue = await fieldConfig.hooks.resolveInput({
-            inputValue: result[fieldName],
-            operation,
-            fieldName,
             listKey,
+            fieldKey,
+            operation,
+            inputData,
             item,
+            resolvedData: { ...result }, // Pass a copy to avoid mutation affecting recorded args
             context,
         });
-        result[fieldName] = transformedValue;
+        // Create new object with updated field to avoid mutating the passed reference
+        result = { ...result, [fieldKey]: transformedValue };
     }
     return result;
 }
+/**
+ * Execute field-level validate hooks
+ * Allows fields to perform custom validation after resolveInput but before database write
+ */
+async function executeFieldValidateHooks(
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+inputData, 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+resolvedData, fields, operation, context, listKey, 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+item) {
+    const errors = [];
+    const fieldErrors = {};
+    const addValidationError = (fieldKey) => (msg) => {
+        errors.push(msg);
+        fieldErrors[fieldKey] = msg;
+    };
+    for (const [fieldKey, fieldConfig] of Object.entries(fields)) {
+        // Support both 'validate' (new) and 'validateInput' (deprecated) for backwards compatibility
+        const validateHook = fieldConfig.hooks?.validate ?? fieldConfig.hooks?.validateInput;
+        if (!validateHook)
+            continue;
+        // Execute field hook
+        // Type assertion is safe here because hooks are typed correctly in field definitions
+        if (operation === 'delete') {
+            await validateHook({
+                listKey,
+                fieldKey,
+                operation: 'delete',
+                item,
+                context,
+                addValidationError: addValidationError(fieldKey),
+            });
+        }
+        else if (operation === 'create') {
+            await validateHook({
+                listKey,
+                fieldKey,
+                operation: 'create',
+                inputData,
+                item: undefined,
+                resolvedData,
+                context,
+                addValidationError: addValidationError(fieldKey),
+            });
+        }
+        else {
+            // operation === 'update'
+            await validateHook({
+                listKey,
+                fieldKey,
+                operation: 'update',
+                inputData,
+                item,
+                resolvedData,
+                context,
+                addValidationError: addValidationError(fieldKey),
+            });
+        }
+    }
+    if (errors.length > 0) {
+        throw new ValidationError(errors, fieldErrors);
+    }
+}
 /**
  * Execute field-level beforeOperation hooks (side effects only)
  * Allows fields to perform side effects before database write
  */
 async function executeFieldBeforeOperationHooks(
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
-data, fields, operation, context, listKey, 
+inputData, 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+resolvedData, fields, operation, context, listKey, 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 item) {
-    for (const [fieldName, fieldConfig] of Object.entries(fields)) {
-        // Skip if field not in data (for create/update) or if no hooks defined
+    for (const [fieldKey, fieldConfig] of Object.entries(fields)) {
+        // Skip if no hooks defined
         if (!fieldConfig.hooks?.beforeOperation)
             continue;
-        if (operation !== 'delete' && !(fieldName in data))
+        // Skip if field not in data (for create/update)
+        if (operation !== 'delete' && !(fieldKey in resolvedData))
             continue;
         // Execute field hook (side effects only, no return value used)
         // Type assertion is safe here because hooks are typed correctly in field definitions
-        await fieldConfig.hooks.beforeOperation({
-            resolvedValue: data[fieldName],
-            operation,
-            fieldName,
-            listKey,
-            item,
-            context,
-        });
+        if (operation === 'delete') {
+            await fieldConfig.hooks.beforeOperation({
+                listKey,
+                fieldKey,
+                operation: 'delete',
+                item,
+                context,
+            });
+        }
+        else if (operation === 'create') {
+            await fieldConfig.hooks.beforeOperation({
+                listKey,
+                fieldKey,
+                operation: 'create',
+                inputData,
+                resolvedData,
+                context,
+            });
+        }
+        else {
+            // operation === 'update'
+            await fieldConfig.hooks.beforeOperation({
+                listKey,
+                fieldKey,
+                operation: 'update',
+                inputData,
+                item,
+                resolvedData,
+                context,
+            });
+        }
     }
 }
 /**
@@ -67,26 +161,88 @@ item) {
  */
 async function executeFieldAfterOperationHooks(
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
-item, data, fields, operation, context, listKey, 
+item, inputData, resolvedData, fields, operation, context, listKey, 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 originalItem) {
-    for (const [fieldName, fieldConfig] of Object.entries(fields)) {
+    for (const [fieldKey, fieldConfig] of Object.entries(fields)) {
         // Skip if no hooks defined
         if (!fieldConfig.hooks?.afterOperation)
             continue;
-        // Get the value from item (for all operations)
-        const value = item?.[fieldName];
         // Execute field hook (side effects only, no return value used)
-        await fieldConfig.hooks.afterOperation({
-            value,
-            operation,
-            fieldName,
-            listKey,
-            item,
-            originalItem,
-            context,
-        });
+        if (operation === 'delete') {
+            await fieldConfig.hooks.afterOperation({
+                listKey,
+                fieldKey,
+                operation: 'delete',
+                originalItem,
+                context,
+            });
+        }
+        else if (operation === 'create') {
+            await fieldConfig.hooks.afterOperation({
+                listKey,
+                fieldKey,
+                operation: 'create',
+                inputData,
+                item,
+                resolvedData,
+                context,
+            });
+        }
+        else {
+            // operation === 'update'
+            await fieldConfig.hooks.afterOperation({
+                listKey,
+                fieldKey,
+                operation: 'update',
+                inputData,
+                originalItem,
+                item,
+                resolvedData,
+                context,
+            });
+        }
+    }
+}
+/**
+ * Check if a list is configured as a singleton
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+function isSingletonList(listConfig) {
+    return !!listConfig.isSingleton;
+}
+/**
+ * Check if auto-create is enabled for a singleton list
+ * Defaults to true if not explicitly set to false
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+function shouldAutoCreate(listConfig) {
+    if (!listConfig.isSingleton)
+        return false;
+    if (typeof listConfig.isSingleton === 'boolean')
+        return true;
+    return listConfig.isSingleton.autoCreate !== false;
+}
+/**
+ * Extract default values from field configs
+ * Used to auto-create singleton records with sensible defaults
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+function getDefaultData(listConfig) {
+    const data = {};
+    for (const [fieldKey, fieldConfig] of Object.entries(listConfig.fields)) {
+        // Skip virtual fields - they're not stored in database
+        if (fieldConfig.virtual)
+            continue;
+        // Skip system fields (id, createdAt, updatedAt)
+        if (fieldKey === 'id' || fieldKey === 'createdAt' || fieldKey === 'updatedAt')
+            continue;
+        // Add default value if present
+        if ('defaultValue' in fieldConfig && fieldConfig.defaultValue !== undefined) {
+            data[fieldKey] = fieldConfig.defaultValue;
+        }
     }
+    return data;
 }
 /**
  * Parse Prisma error and convert to user-friendly DatabaseError
@@ -171,14 +327,21 @@ export function getContext(config, prisma, session, storage, _isSudo = false) {
     // Create access-controlled operations for each list
     for (const [listName, listConfig] of Object.entries(config.lists)) {
         const dbKey = getDbKey(listName);
-        db[dbKey] = {
+        // Create base operations
+        const createOp = createCreate(listName, listConfig, prisma, context, config);
+        const operations = {
             findUnique: createFindUnique(listName, listConfig, prisma, context, config),
             findMany: createFindMany(listName, listConfig, prisma, context, config),
-            create: createCreate(listName, listConfig, prisma, context, config),
+            create: createOp,
             update: createUpdate(listName, listConfig, prisma, context, config),
             delete: createDelete(listName, listConfig, prisma, context),
             count: createCount(listName, listConfig, prisma, context),
         };
+        // Add get() method for singleton lists
+        if (isSingletonList(listConfig)) {
+            operations.get = createGet(listName, listConfig, prisma, context, config, createOp);
+        }
+        db[dbKey] = operations;
     }
     // Execute plugin runtime functions and populate context.plugins
     // Use _plugins (sorted by dependencies) if available, otherwise fall back to plugins array
@@ -332,8 +495,6 @@ listConfig, prisma, context, config) {
             session: context.session,
             context: { ...context, _isSudo: context._isSudo },
         }, config, 0, listName);
-        // Execute field afterOperation hooks (side effects only)
-        await executeFieldAfterOperationHooks(filtered, undefined, listConfig.fields, 'query', context, listName, undefined);
         return filtered;
     };
 }
@@ -344,6 +505,10 @@ function createFindMany(listName,
 // eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
 listConfig, prisma, context, config) {
     return async (args) => {
+        // Check singleton constraint (throw error instead of silently returning empty)
+        if (isSingletonList(listConfig)) {
+            throw new ValidationError([`Cannot use findMany: ${listName} is a singleton list. Use get() instead.`], {});
+        }
         // Check query access (skip if sudo mode)
         let where = args?.where;
         if (!context._isSudo) {
@@ -385,8 +550,6 @@ listConfig, prisma, context, config) {
             session: context.session,
             context: { ...context, _isSudo: context._isSudo },
         }, config, 0, listName)));
-        // Execute field afterOperation hooks for each item (side effects only)
-        await Promise.all(filtered.map((item) => executeFieldAfterOperationHooks(item, undefined, listConfig.fields, 'query', context, listName, undefined)));
         return filtered;
     };
 }
@@ -397,6 +560,16 @@ function createCreate(listName,
 // eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
 listConfig, prisma, context, config) {
     return async (args) => {
+        // 0. Check singleton constraint (enforce even in sudo mode)
+        if (isSingletonList(listConfig)) {
+            // Access Prisma model dynamically - required because model names are generated at runtime
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            const model = prisma[getDbKey(listName)];
+            const existingCount = await model.count();
+            if (existingCount > 0) {
+                throw new ValidationError([`Cannot create: ${listName} is a singleton list with an existing record`], {});
+            }
+        }
         // 1. Check create access (skip if sudo mode)
         if (!context._isSudo) {
             const createAccess = listConfig.access?.operation?.create;
@@ -410,20 +583,26 @@ listConfig, prisma, context, config) {
         }
         // 2. Execute list-level resolveInput hook
         let resolvedData = await executeResolveInput(listConfig.hooks, {
+            listKey: listName,
             operation: 'create',
+            inputData: args.data,
             resolvedData: args.data,
             item: undefined,
             context,
         });
         // 2.5. Execute field-level resolveInput hooks (e.g., hash passwords)
-        resolvedData = await executeFieldResolveInputHooks(resolvedData, listConfig.fields, 'create', context, listName);
-        // 3. Execute validateInput hook
-        await executeValidateInput(listConfig.hooks, {
+        resolvedData = await executeFieldResolveInputHooks(args.data, resolvedData, listConfig.fields, 'create', context, listName);
+        // 3. Execute list-level validate hook
+        await executeValidate(listConfig.hooks, {
+            listKey: listName,
             operation: 'create',
+            inputData: args.data,
             resolvedData,
             item: undefined,
             context,
         });
+        // 3.5. Execute field-level validate hooks
+        await executeFieldValidateHooks(args.data, resolvedData, listConfig.fields, 'create', context, listName);
         // 4. Field validation (isRequired, length, etc.)
         const validation = validateFieldRules(resolvedData, listConfig.fields, 'create');
         if (validation.errors.length > 0) {
@@ -433,14 +612,18 @@ listConfig, prisma, context, config) {
         const filteredData = await filterWritableFields(resolvedData, listConfig.fields, 'create', {
             session: context.session,
             context: { ...context, _isSudo: context._isSudo },
+            inputData: args.data,
         });
         // 5.5. Process nested relationship operations
         const data = await processNestedOperations(filteredData, listConfig.fields, config, { ...context, prisma }, 'create');
         // 6. Execute field-level beforeOperation hooks (side effects only)
-        await executeFieldBeforeOperationHooks(data, listConfig.fields, 'create', context, listName);
+        await executeFieldBeforeOperationHooks(args.data, resolvedData, listConfig.fields, 'create', context, listName);
         // 7. Execute list-level beforeOperation hook
         await executeBeforeOperation(listConfig.hooks, {
+            listKey: listName,
             operation: 'create',
+            inputData: args.data,
+            resolvedData,
             context,
         });
         // 8. Execute database create
@@ -452,13 +635,15 @@ listConfig, prisma, context, config) {
         });
         // 9. Execute list-level afterOperation hook
         await executeAfterOperation(listConfig.hooks, {
+            listKey: listName,
             operation: 'create',
+            inputData: args.data,
             item,
-            originalItem: undefined,
+            resolvedData,
             context,
         });
         // 10. Execute field-level afterOperation hooks (side effects only)
-        await executeFieldAfterOperationHooks(item, data, listConfig.fields, 'create', context, listName, undefined);
+        await executeFieldAfterOperationHooks(item, args.data, resolvedData, listConfig.fields, 'create', context, listName, undefined);
         // 11. Filter readable fields and apply resolveOutput hooks (including nested relationships)
         // Pass sudo flag through context to skip field-level access checks
         const filtered = await filterReadableFields(item, listConfig.fields, {
@@ -508,20 +693,26 @@ listConfig, prisma, context, config) {
         }
         // 3. Execute list-level resolveInput hook
         let resolvedData = await executeResolveInput(listConfig.hooks, {
+            listKey: listName,
             operation: 'update',
+            inputData: args.data,
             resolvedData: args.data,
             item,
             context,
         });
         // 3.5. Execute field-level resolveInput hooks (e.g., hash passwords)
-        resolvedData = await executeFieldResolveInputHooks(resolvedData, listConfig.fields, 'update', context, listName, item);
-        // 4. Execute validateInput hook
-        await executeValidateInput(listConfig.hooks, {
+        resolvedData = await executeFieldResolveInputHooks(args.data, resolvedData, listConfig.fields, 'update', context, listName, item);
+        // 4. Execute list-level validate hook
+        await executeValidate(listConfig.hooks, {
+            listKey: listName,
             operation: 'update',
+            inputData: args.data,
             resolvedData,
             item,
             context,
         });
+        // 4.5. Execute field-level validate hooks
+        await executeFieldValidateHooks(args.data, resolvedData, listConfig.fields, 'update', context, listName, item);
         // 5. Field validation (isRequired, length, etc.)
         const validation = validateFieldRules(resolvedData, listConfig.fields, 'update');
         if (validation.errors.length > 0) {
@@ -532,15 +723,19 @@ listConfig, prisma, context, config) {
             session: context.session,
             item,
             context: { ...context, _isSudo: context._isSudo },
+            inputData: args.data,
         });
         // 6.5. Process nested relationship operations
         const data = await processNestedOperations(filteredData, listConfig.fields, config, { ...context, prisma }, 'update');
         // 7. Execute field-level beforeOperation hooks (side effects only)
-        await executeFieldBeforeOperationHooks(data, listConfig.fields, 'update', context, listName, item);
+        await executeFieldBeforeOperationHooks(args.data, resolvedData, listConfig.fields, 'update', context, listName, item);
         // 8. Execute list-level beforeOperation hook
         await executeBeforeOperation(listConfig.hooks, {
+            listKey: listName,
             operation: 'update',
+            inputData: args.data,
             item,
+            resolvedData,
             context,
         });
         // 9. Execute database update
@@ -550,13 +745,16 @@ listConfig, prisma, context, config) {
         });
         // 10. Execute list-level afterOperation hook
         await executeAfterOperation(listConfig.hooks, {
+            listKey: listName,
             operation: 'update',
-            item: updated,
+            inputData: args.data,
             originalItem: item, // item is the original item before the update
+            item: updated,
+            resolvedData,
             context,
         });
         // 11. Execute field-level afterOperation hooks (side effects only)
-        await executeFieldAfterOperationHooks(updated, data, listConfig.fields, 'update', context, listName, item);
+        await executeFieldAfterOperationHooks(updated, args.data, resolvedData, listConfig.fields, 'update', context, listName, item);
         // 12. Filter readable fields and apply resolveOutput hooks (including nested relationships)
         // Pass sudo flag through context to skip field-level access checks
         const filtered = await filterReadableFields(updated, listConfig.fields, {
@@ -573,6 +771,10 @@ function createDelete(listName,
 // eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
 listConfig, prisma, context) {
     return async (args) => {
+        // 0. Check singleton constraint (enforce even in sudo mode)
+        if (isSingletonList(listConfig)) {
+            throw new ValidationError([`Cannot delete: ${listName} is a singleton list`], {});
+        }
         // 1. Fetch the item to pass to access control and hooks
         // Access Prisma model dynamically - required because model names are generated at runtime
         // eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -604,27 +806,37 @@ listConfig, prisma, context) {
                 }
             }
         }
-        // 3. Execute field-level beforeOperation hooks (side effects only)
-        await executeFieldBeforeOperationHooks({}, listConfig.fields, 'delete', context, listName, item);
-        // 4. Execute list-level beforeOperation hook
+        // 3. Execute list-level validate hook
+        await executeValidate(listConfig.hooks, {
+            listKey: listName,
+            operation: 'delete',
+            item,
+            context,
+        });
+        // 3.5. Execute field-level validate hooks
+        await executeFieldValidateHooks(undefined, undefined, listConfig.fields, 'delete', context, listName, item);
+        // 4. Execute field-level beforeOperation hooks (side effects only)
+        await executeFieldBeforeOperationHooks({}, {}, listConfig.fields, 'delete', context, listName, item);
+        // 5. Execute list-level beforeOperation hook
         await executeBeforeOperation(listConfig.hooks, {
+            listKey: listName,
             operation: 'delete',
             item,
             context,
         });
-        // 5. Execute database delete
+        // 6. Execute database delete
         const deleted = await model.delete({
             where: args.where,
         });
-        // 6. Execute list-level afterOperation hook
+        // 7. Execute list-level afterOperation hook
         await executeAfterOperation(listConfig.hooks, {
+            listKey: listName,
             operation: 'delete',
-            item: deleted,
             originalItem: item, // item is the original item before deletion
             context,
         });
-        // 7. Execute field-level afterOperation hooks (side effects only)
-        await executeFieldAfterOperationHooks(deleted, undefined, listConfig.fields, 'delete', context, listName, item);
+        // 8. Execute field-level afterOperation hooks (side effects only)
+        await executeFieldAfterOperationHooks(deleted, undefined, undefined, listConfig.fields, 'delete', context, listName, item);
         return deleted;
     };
 }
@@ -663,4 +875,62 @@ listConfig, prisma, context) {
         return count;
     };
 }
+/**
+ * Create get operation for singleton lists
+ * Returns the single record, or auto-creates it if enabled
+ */
+function createGet(listName, 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any -- ListConfig must accept any TypeInfo
+listConfig, prisma, context, config, 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+createFn) {
+    return async () => {
+        // First try to find the existing record
+        // Access Prisma model dynamically - required because model names are generated at runtime
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const model = prisma[getDbKey(listName)];
+        // Check query access (skip if sudo mode)
+        let where = {};
+        if (!context._isSudo) {
+            const queryAccess = listConfig.access?.operation?.query;
+            const accessResult = await checkAccess(queryAccess, {
+                session: context.session,
+                context,
+            });
+            if (accessResult === false) {
+                return null;
+            }
+            // Merge access filter (for singleton, we don't have a specific where clause)
+            if (accessResult && typeof accessResult === 'object') {
+                where = accessResult;
+            }
+        }
+        // Build include with access control filters
+        const accessControlledInclude = await buildIncludeWithAccessControl(listConfig.fields, {
+            session: context.session,
+            context,
+        }, config);
+        // Try to find the record
+        const item = await model.findFirst({
+            where,
+            include: accessControlledInclude,
+        });
+        // If record exists, return it
+        if (item) {
+            // Filter readable fields and apply resolveOutput hooks
+            const filtered = await filterReadableFields(item, listConfig.fields, {
+                session: context.session,
+                context: { ...context, _isSudo: context._isSudo },
+            }, config, 0, listName);
+            return filtered;
+        }
+        // If no record and auto-create is enabled, create it
+        if (shouldAutoCreate(listConfig)) {
+            const defaultData = getDefaultData(listConfig);
+            return await createFn({ data: defaultData });
+        }
+        // No record and auto-create is disabled
+        return null;
+    };
+}
 //# sourceMappingURL=index.js.map