@opensaas/stack-core 0.20.1 → 0.21.0

package/src/context/index.ts

@@ -4,261 +4,18 @@ import {
   checkAccess,
   mergeFilters,
   filterReadableFields,
-  filterWritableFields,
   buildIncludeWithAccessControl,
 } from '../access/index.js'
-import {
-  executeResolveInput,
-  executeValidate,
-  executeBeforeOperation,
-  executeAfterOperation,
-  validateFieldRules,
-  ValidationError,
-  DatabaseError,
-} from '../hooks/index.js'
-import { processNestedOperations } from './nested-operations.js'
+import { ValidationError, DatabaseError } from '../hooks/index.js'
 import { getDbKey } from '../lib/case-utils.js'
 import type { PrismaClientLike } from '../access/types.js'
-import type { FieldConfig } from '../config/types.js'
 import { buildInclude, pickFields, isFragment } from '../query/index.js'
-
-/**
- * Execute field-level resolveInput hooks
- * Allows fields to transform their input values before database write
- */
-async function executeFieldResolveInputHooks(
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  inputData: Record<string, any>,
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  resolvedData: Record<string, any>,
-  fields: Record<string, FieldConfig>,
-  operation: 'create' | 'update',
-  context: AccessContext,
-  listKey: string,
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  item?: any,
-): Promise<Record<string, unknown>> {
-  let result = { ...resolvedData }
-  console.log(
-    'Executing field resolveInput hooks for list:',
-    listKey,
-    'operation:',
-    operation,
-    'inputData:',
-    inputData,
-    'resolvedData before field hooks:',
-    resolvedData,
-  )
-
-  for (const [fieldKey, fieldConfig] of Object.entries(fields)) {
-    // Skip if field not in data
-    if (!(fieldKey in result)) continue
-
-    // Skip if no hooks defined
-    if (!fieldConfig.hooks?.resolveInput) continue
-
-    // Execute field hook
-    // Type assertion is safe here because hooks are typed correctly in field definitions
-    // and we're working with runtime values that match those types
-
-    const transformedValue = await fieldConfig.hooks.resolveInput({
-      listKey,
-      fieldKey,
-      operation,
-      inputData,
-      item,
-      resolvedData: { ...result }, // Pass a copy to avoid mutation affecting recorded args
-      context,
-    } as Parameters<typeof fieldConfig.hooks.resolveInput>[0])
-
-    // Create new object with updated field to avoid mutating the passed reference
-    result = { ...result, [fieldKey]: transformedValue }
-  }
-
-  return result
-}
-
-/**
- * Execute field-level validate hooks
- * Allows fields to perform custom validation after resolveInput but before database write
- */
-async function executeFieldValidateHooks(
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  inputData: Record<string, any> | undefined,
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  resolvedData: Record<string, any> | undefined,
-  fields: Record<string, FieldConfig>,
-  operation: 'create' | 'update' | 'delete',
-  context: AccessContext,
-  listKey: string,
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  item?: any,
-): Promise<void> {
-  const errors: string[] = []
-  const fieldErrors: Record<string, string> = {}
-
-  const addValidationError = (fieldKey: string) => (msg: string) => {
-    errors.push(msg)
-    fieldErrors[fieldKey] = msg
-  }
-
-  for (const [fieldKey, fieldConfig] of Object.entries(fields)) {
-    // Support both 'validate' (new) and 'validateInput' (deprecated) for backwards compatibility
-    const validateHook = fieldConfig.hooks?.validate ?? fieldConfig.hooks?.validateInput
-    if (!validateHook) continue
-
-    // Execute field hook
-    // Type assertion is safe here because hooks are typed correctly in field definitions
-    if (operation === 'delete') {
-      await validateHook({
-        listKey,
-        fieldKey,
-        operation: 'delete',
-        item,
-        context,
-        addValidationError: addValidationError(fieldKey),
-      } as Parameters<typeof validateHook>[0])
-    } else if (operation === 'create') {
-      await validateHook({
-        listKey,
-        fieldKey,
-        operation: 'create',
-        inputData,
-        item: undefined,
-        resolvedData,
-        context,
-        addValidationError: addValidationError(fieldKey),
-      } as Parameters<typeof validateHook>[0])
-    } else {
-      // operation === 'update'
-      await validateHook({
-        listKey,
-        fieldKey,
-        operation: 'update',
-        inputData,
-        item,
-        resolvedData,
-        context,
-        addValidationError: addValidationError(fieldKey),
-      } as Parameters<typeof validateHook>[0])
-    }
-  }
-
-  if (errors.length > 0) {
-    throw new ValidationError(errors, fieldErrors)
-  }
-}
-
-/**
- * Execute field-level beforeOperation hooks (side effects only)
- * Allows fields to perform side effects before database write
- */
-async function executeFieldBeforeOperationHooks(
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  inputData: Record<string, any>,
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  resolvedData: Record<string, any>,
-  fields: Record<string, FieldConfig>,
-  operation: 'create' | 'update' | 'delete',
-  context: AccessContext,
-  listKey: string,
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  item?: any,
-): Promise<void> {
-  for (const [fieldKey, fieldConfig] of Object.entries(fields)) {
-    // Skip if no hooks defined
-    if (!fieldConfig.hooks?.beforeOperation) continue
-    // Skip if field not in data (for create/update)
-    if (operation !== 'delete' && !(fieldKey in resolvedData)) continue
-
-    // Execute field hook (side effects only, no return value used)
-    // Type assertion is safe here because hooks are typed correctly in field definitions
-    if (operation === 'delete') {
-      await fieldConfig.hooks.beforeOperation({
-        listKey,
-        fieldKey,
-        operation: 'delete',
-        item,
-        context,
-      } as Parameters<typeof fieldConfig.hooks.beforeOperation>[0])
-    } else if (operation === 'create') {
-      await fieldConfig.hooks.beforeOperation({
-        listKey,
-        fieldKey,
-        operation: 'create',
-        inputData,
-        resolvedData,
-        context,
-      } as Parameters<typeof fieldConfig.hooks.beforeOperation>[0])
-    } else {
-      // operation === 'update'
-      await fieldConfig.hooks.beforeOperation({
-        listKey,
-        fieldKey,
-        operation: 'update',
-        inputData,
-        item,
-        resolvedData,
-        context,
-      } as Parameters<typeof fieldConfig.hooks.beforeOperation>[0])
-    }
-  }
-}
-
-/**
- * Execute field-level afterOperation hooks (side effects only)
- * Allows fields to perform side effects after database operations
- */
-async function executeFieldAfterOperationHooks(
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  item: any,
-  inputData: Record<string, unknown> | undefined,
-  resolvedData: Record<string, unknown> | undefined,
-  fields: Record<string, FieldConfig>,
-  operation: 'create' | 'update' | 'delete',
-  context: AccessContext,
-  listKey: string,
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  originalItem?: any,
-): Promise<void> {
-  for (const [fieldKey, fieldConfig] of Object.entries(fields)) {
-    // Skip if no hooks defined
-    if (!fieldConfig.hooks?.afterOperation) continue
-
-    // Execute field hook (side effects only, no return value used)
-    if (operation === 'delete') {
-      await fieldConfig.hooks.afterOperation({
-        listKey,
-        fieldKey,
-        operation: 'delete',
-        originalItem,
-        context,
-      } as Parameters<typeof fieldConfig.hooks.afterOperation>[0])
-    } else if (operation === 'create') {
-      await fieldConfig.hooks.afterOperation({
-        listKey,
-        fieldKey,
-        operation: 'create',
-        inputData,
-        item,
-        resolvedData,
-        context,
-      } as Parameters<typeof fieldConfig.hooks.afterOperation>[0])
-    } else {
-      // operation === 'update'
-      await fieldConfig.hooks.afterOperation({
-        listKey,
-        fieldKey,
-        operation: 'update',
-        inputData,
-        originalItem,
-        item,
-        resolvedData,
-        context,
-      } as Parameters<typeof fieldConfig.hooks.afterOperation>[0])
-    }
-  }
-}
+import {
+  runWritePipeline,
+  createWriteStrategy,
+  updateWriteStrategy,
+  deleteWriteStrategy,
+} from './write-pipeline.js'
 
 export type ServerActionProps =
   | { listKey: string; action: 'create'; data: Record<string, unknown> }
@@ -457,7 +214,7 @@ export function getContext<
       findMany: findManyOp,
       create: createOp,
       update: updateOp,
-      delete: createDelete(listName, listConfig, prisma, context),
+      delete: createDelete(listName, listConfig, prisma, context, config),
       count: createCount(listName, listConfig, prisma, context),
       createMany: createCreateMany(listName, listConfig, prisma, context, config, createOp),
       updateMany: createUpdateMany(
@@ -812,163 +569,18 @@ function createCreate<TPrisma extends PrismaClientLike>(
   context: AccessContext<TPrisma>,
   config: OpenSaasConfig,
 ) {
+  // Thin adapter over the Write Pipeline: pick the create strategy, run the
+  // canonical secured write sequence, return its result.
   return async (args: { data: Record<string, unknown> }) => {
-    // 0. Check singleton constraint (enforce even in sudo mode)
-    if (isSingletonList(listConfig)) {
-      // Access Prisma model dynamically - required because model names are generated at runtime
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      const model = (prisma as any)[getDbKey(listName)]
-      const existingCount = await model.count()
-
-      if (existingCount > 0) {
-        throw new ValidationError(
-          [`Cannot create: ${listName} is a singleton list with an existing record`],
-          {},
-        )
-      }
-    }
-
-    // 1. Check create access (skip if sudo mode)
-    if (!context._isSudo) {
-      const createAccess = listConfig.access?.operation?.create
-      const accessResult = await checkAccess(createAccess, {
-        session: context.session,
-        context,
-      })
-
-      if (accessResult === false) {
-        return null
-      }
-    }
-
-    // 2. Execute list-level resolveInput hook
-    let resolvedData = await executeResolveInput(listConfig.hooks, {
-      listKey: listName,
-      operation: 'create',
-      inputData: args.data,
-      resolvedData: args.data,
-      item: undefined,
-      context,
-    })
-
-    // 2.5. Execute field-level resolveInput hooks (e.g., hash passwords)
-    resolvedData = await executeFieldResolveInputHooks(
-      args.data,
-      resolvedData,
-      listConfig.fields,
-      'create',
-      context,
+    return runWritePipeline({
       listName,
-    )
-
-    // 3. Execute list-level validate hook
-    await executeValidate(listConfig.hooks, {
-      listKey: listName,
-      operation: 'create',
-      inputData: args.data,
-      resolvedData,
-      item: undefined,
-      context,
-    })
-
-    // 3.5. Execute field-level validate hooks
-    await executeFieldValidateHooks(
-      args.data,
-      resolvedData,
-      listConfig.fields,
-      'create',
+      listConfig,
+      prisma,
       context,
-      listName,
-    )
-
-    // 4. Field validation (isRequired, length, etc.)
-    const validation = validateFieldRules(resolvedData, listConfig.fields, 'create')
-    if (validation.errors.length > 0) {
-      throw new ValidationError(validation.errors, validation.fieldErrors)
-    }
-
-    // 5. Filter writable fields (field-level access control, skip if sudo mode)
-    const filteredData = await filterWritableFields(resolvedData, listConfig.fields, 'create', {
-      session: context.session,
-      context: { ...context, _isSudo: context._isSudo },
-      inputData: args.data,
-    })
-
-    // 5.5. Process nested relationship operations
-    const data = await processNestedOperations(
-      filteredData,
-      listConfig.fields,
       config,
-      { ...context, prisma },
-      'create',
-    )
-
-    // 6. Execute field-level beforeOperation hooks (side effects only)
-    await executeFieldBeforeOperationHooks(
-      args.data,
-      resolvedData,
-      listConfig.fields,
-      'create',
-      context,
-      listName,
-    )
-
-    // 7. Execute list-level beforeOperation hook
-    await executeBeforeOperation(listConfig.hooks, {
-      listKey: listName,
-      operation: 'create',
       inputData: args.data,
-      resolvedData,
-      context,
+      strategy: createWriteStrategy(listName, listConfig, context),
     })
-
-    // 8. Execute database create
-    // Access Prisma model dynamically - required because model names are generated at runtime
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    const model = (prisma as any)[getDbKey(listName)]
-    // Singleton lists use Int @id with value always 1 (matching Keystone 6 behaviour)
-    const createData = isSingletonList(listConfig) ? { id: 1, ...data } : data
-    const item = await model.create({
-      data: createData,
-    })
-
-    // 9. Execute list-level afterOperation hook
-    await executeAfterOperation(listConfig.hooks, {
-      listKey: listName,
-      operation: 'create',
-      inputData: args.data,
-      item,
-      resolvedData,
-      context,
-    })
-
-    // 10. Execute field-level afterOperation hooks (side effects only)
-    await executeFieldAfterOperationHooks(
-      item,
-      args.data,
-      resolvedData,
-      listConfig.fields,
-      'create',
-      context,
-      listName,
-      undefined, // originalItem is undefined for create operations
-    )
-
-    // 11. Filter readable fields and apply resolveOutput hooks (including nested relationships)
-    // Pass sudo flag through context to skip field-level access checks
-    const filtered = await filterReadableFields(
-      item,
-      listConfig.fields,
-      {
-        session: context.session,
-        context: { ...context, _isSudo: context._isSudo },
-      },
-      config,
-      0,
-      listName,
-    )
-
-    return filtered
   }
 }
 
@@ -1009,174 +621,18 @@ function createUpdate<TPrisma extends PrismaClientLike>(
   context: AccessContext<TPrisma>,
   config: OpenSaasConfig,
 ) {
+  // Thin adapter over the Write Pipeline: pick the update strategy, run the
+  // canonical secured write sequence, return its result.
   return async (args: { where: { id: string }; data: Record<string, unknown> }) => {
-    // 1. Fetch the item to pass to access control and hooks
-    // Access Prisma model dynamically - required because model names are generated at runtime
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    const model = (prisma as any)[getDbKey(listName)]
-    const item = await model.findUnique({
-      where: args.where,
-    })
-
-    if (!item) {
-      return null
-    }
-
-    // 2. Check update access (skip if sudo mode)
-    if (!context._isSudo) {
-      const updateAccess = listConfig.access?.operation?.update
-      const accessResult = await checkAccess(updateAccess, {
-        session: context.session,
-        item,
-        context,
-      })
-
-      if (accessResult === false) {
-        return null
-      }
-
-      // If access returns a filter, check if item matches
-      if (typeof accessResult === 'object') {
-        const matchesFilter = await model.findFirst({
-          where: mergeFilters(args.where, accessResult),
-        })
-
-        if (!matchesFilter) {
-          return null
-        }
-      }
-    }
-
-    // 3. Execute list-level resolveInput hook
-    let resolvedData = await executeResolveInput(listConfig.hooks, {
-      listKey: listName,
-      operation: 'update',
-      inputData: args.data,
-      resolvedData: args.data,
-      item,
-      context,
-    })
-
-    // 3.5. Execute field-level resolveInput hooks (e.g., hash passwords)
-    resolvedData = await executeFieldResolveInputHooks(
-      args.data,
-      resolvedData,
-      listConfig.fields,
-      'update',
-      context,
+    return runWritePipeline({
       listName,
-      item,
-    )
-
-    // 4. Execute list-level validate hook
-    await executeValidate(listConfig.hooks, {
-      listKey: listName,
-      operation: 'update',
-      inputData: args.data,
-      resolvedData,
-      item,
+      listConfig,
+      prisma,
       context,
-    })
-
-    // 4.5. Execute field-level validate hooks
-    await executeFieldValidateHooks(
-      args.data,
-      resolvedData,
-      listConfig.fields,
-      'update',
-      context,
-      listName,
-      item,
-    )
-
-    // 5. Field validation (isRequired, length, etc.)
-    const validation = validateFieldRules(resolvedData, listConfig.fields, 'update')
-    if (validation.errors.length > 0) {
-      throw new ValidationError(validation.errors, validation.fieldErrors)
-    }
-
-    // 6. Filter writable fields (field-level access control, skip if sudo mode)
-    const filteredData = await filterWritableFields(resolvedData, listConfig.fields, 'update', {
-      session: context.session,
-      item,
-      context: { ...context, _isSudo: context._isSudo },
-      inputData: args.data,
-    })
-
-    // 6.5. Process nested relationship operations
-    const data = await processNestedOperations(
-      filteredData,
-      listConfig.fields,
       config,
-      { ...context, prisma },
-      'update',
-    )
-
-    // 7. Execute field-level beforeOperation hooks (side effects only)
-    await executeFieldBeforeOperationHooks(
-      args.data,
-      resolvedData,
-      listConfig.fields,
-      'update',
-      context,
-      listName,
-      item,
-    )
-
-    // 8. Execute list-level beforeOperation hook
-    await executeBeforeOperation(listConfig.hooks, {
-      listKey: listName,
-      operation: 'update',
       inputData: args.data,
-      item,
-      resolvedData,
-      context,
+      strategy: updateWriteStrategy(listConfig, context, args.where),
     })
-
-    // 9. Execute database update
-    const updated = await model.update({
-      where: args.where,
-      data,
-    })
-
-    // 10. Execute list-level afterOperation hook
-    await executeAfterOperation(listConfig.hooks, {
-      listKey: listName,
-      operation: 'update',
-      inputData: args.data,
-      originalItem: item, // item is the original item before the update
-      item: updated,
-      resolvedData,
-      context,
-    })
-
-    // 11. Execute field-level afterOperation hooks (side effects only)
-    await executeFieldAfterOperationHooks(
-      updated,
-      args.data,
-      resolvedData,
-      listConfig.fields,
-      'update',
-      context,
-      listName,
-      item, // item is the original item before the update
-    )
-
-    // 12. Filter readable fields and apply resolveOutput hooks (including nested relationships)
-    // Pass sudo flag through context to skip field-level access checks
-    const filtered = await filterReadableFields(
-      updated,
-      listConfig.fields,
-      {
-        session: context.session,
-        context: { ...context, _isSudo: context._isSudo },
-      },
-      config,
-      0,
-      listName,
-    )
-
-    return filtered
   }
 }
 
@@ -1220,114 +676,20 @@ function createDelete<TPrisma extends PrismaClientLike>(
   listConfig: ListConfig<any>,
   prisma: TPrisma,
   context: AccessContext<TPrisma>,
+  config: OpenSaasConfig,
 ) {
+  // Thin adapter over the Write Pipeline: pick the delete strategy, run the
+  // canonical secured write sequence, return its result.
   return async (args: { where: { id: string } }) => {
-    // 0. Check singleton constraint (enforce even in sudo mode)
-    if (isSingletonList(listConfig)) {
-      throw new ValidationError([`Cannot delete: ${listName} is a singleton list`], {})
-    }
-
-    // 1. Fetch the item to pass to access control and hooks
-    // Access Prisma model dynamically - required because model names are generated at runtime
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    const model = (prisma as any)[getDbKey(listName)]
-    const item = await model.findUnique({
-      where: args.where,
-    })
-
-    if (!item) {
-      return null
-    }
-
-    // 2. Check delete access (skip if sudo mode)
-    if (!context._isSudo) {
-      const deleteAccess = listConfig.access?.operation?.delete
-      const accessResult = await checkAccess(deleteAccess, {
-        session: context.session,
-        item,
-        context,
-      })
-
-      if (accessResult === false) {
-        return null
-      }
-
-      // If access returns a filter, check if item matches
-      if (typeof accessResult === 'object') {
-        const matchesFilter = await model.findFirst({
-          where: mergeFilters(args.where, accessResult),
-        })
-
-        if (!matchesFilter) {
-          return null
-        }
-      }
-    }
-
-    // 3. Execute list-level validate hook
-    await executeValidate(listConfig.hooks, {
-      listKey: listName,
-      operation: 'delete',
-      item,
-      context,
-    })
-
-    // 3.5. Execute field-level validate hooks
-    await executeFieldValidateHooks(
-      undefined,
-      undefined,
-      listConfig.fields,
-      'delete',
-      context,
+    return runWritePipeline({
       listName,
-      item,
-    )
-
-    // 4. Execute field-level beforeOperation hooks (side effects only)
-    await executeFieldBeforeOperationHooks(
-      {},
-      {},
-      listConfig.fields,
-      'delete',
-      context,
-      listName,
-      item,
-    )
-
-    // 5. Execute list-level beforeOperation hook
-    await executeBeforeOperation(listConfig.hooks, {
-      listKey: listName,
-      operation: 'delete',
-      item,
-      context,
-    })
-
-    // 6. Execute database delete
-    const deleted = await model.delete({
-      where: args.where,
-    })
-
-    // 7. Execute list-level afterOperation hook
-    await executeAfterOperation(listConfig.hooks, {
-      listKey: listName,
-      operation: 'delete',
-      originalItem: item, // item is the original item before deletion
+      listConfig,
+      prisma,
       context,
+      config,
+      inputData: undefined,
+      strategy: deleteWriteStrategy(listName, listConfig, context, args.where),
     })
-
-    // 8. Execute field-level afterOperation hooks (side effects only)
-    await executeFieldAfterOperationHooks(
-      deleted,
-      undefined,
-      undefined,
-      listConfig.fields,
-      'delete',
-      context,
-      listName,
-      item, // item is the original item before deletion
-    )
-
-    return deleted
   }
 }