@platformatic/db-authorization 3.4.1 → 3.5.1

package/README.md

@@ -2,7 +2,7 @@
 
 Fastify plugin that adds role-based authorization hooks to [`@platformatic/sql-mapper`](https://www.npmjs.com/package/@platformatic/sql-mapper).
 
-Check out the full documentation on [our website](https://docs.platformatic.dev/docs/db/authorization/overview).
+Check out the full documentation on [our website](https://docs.platformatic.dev/docs/reference/db/authorization/overview).
 
 ## Install
 

package/eslint.config.js

@@ -1,7 +1,3 @@
-'use strict'
+import neostandard from 'neostandard'
 
-const neostandard = require('neostandard')
-
-module.exports = neostandard({
-  ts: true,
-})
+export default neostandard({ ts: true })

package/index.d.ts

@@ -1,6 +1,6 @@
 import {
   type PlatformaticContext,
-  type WhereCondition,
+  type WhereClause,
 } from '@platformatic/sql-mapper'
 import { type FastifyPluginAsync } from 'fastify'
 import { type FastifyUserPluginOptions } from 'fastify-user'
@@ -9,11 +9,11 @@ import { FastifyError } from '@fastify/error'
 export type OperationFunction<T> = (args: {
   user: T,
   ctx: PlatformaticContext,
-  where: WhereCondition
-}) => WhereCondition
+  where: WhereClause
+}) => WhereClause
 
 export interface OperationChecks {
-  checks: Record<string, any> | WhereCondition
+  checks: Record<string, any> | WhereClause
 }
 
 export interface OperationFields {
@@ -52,7 +52,7 @@ export interface DBAuthorizationPluginOptions<T = any> extends FastifyUserPlugin
   roleKey?: string
   isRolePath?: boolean
   anonymousRole?: string
-  rules: Array<AuthorizationRule<T>>
+  rules?: Array<AuthorizationRule<T>>
 }
 
 export interface DBAuthorizationPluginInterface {

package/index.js

@@ -1,17 +1,9 @@
-'use strict'
-
-const fp = require('fastify-plugin')
-const leven = require('leven')
-const fastifyUser = require('fastify-user')
-const errors = require('./lib/errors')
-
-const findRule = require('./lib/find-rule')
-const { getRequestFromContext, getRoles } = require('./lib/utils')
-const {
-  Unauthorized,
-  UnauthorizedField,
-  MissingNotNullableError,
-} = require('./lib/errors')
+import fp from 'fastify-plugin'
+import fastifyUser from 'fastify-user'
+import leven from 'leven'
+import { MissingNotNullableError, Unauthorized, UnauthorizedField } from './lib/errors.js'
+import { findRule } from './lib/find-rule.js'
+import { getRequestFromContext, getRoles } from './lib/utils.js'
 
 const PLT_ADMIN_ROLE = 'platformatic-admin'
 
@@ -49,7 +41,7 @@ async function auth (app, opts) {
               value = PLT_ADMIN_ROLE
             }
             return value
-          },
+          }
         })
       }
     }
@@ -58,14 +50,14 @@ async function auth (app, opts) {
       // We replace just the role in `request.user`, all the rest is untouched
       request.user = {
         ...request.user,
-        [roleKey]: PLT_ADMIN_ROLE,
+        [roleKey]: PLT_ADMIN_ROLE
       }
     }
   }
 
   const rules = opts.rules || []
 
-  app.platformatic.addRulesForRoles = (_rules) => {
+  app.platformatic.addRulesForRoles = _rules => {
     for (const rule of _rules) {
       rules.push(rule)
     }
@@ -76,14 +68,17 @@ async function auth (app, opts) {
       // There is an unknown entity. Let's find out the nearest one for a nice error message
       const entities = Object.keys(app.platformatic.entities)
 
-      const nearest = entities.reduce((acc, entity) => {
-        const distance = leven(ruleEntity, entity)
-        if (distance < acc.distance) {
-          acc.distance = distance
-          acc.entity = entity
-        }
-        return acc
-      }, { distance: Infinity, entity: null })
+      const nearest = entities.reduce(
+        (acc, entity) => {
+          const distance = leven(ruleEntity, entity)
+          if (distance < acc.distance) {
+            acc.distance = distance
+            acc.entity = entity
+          }
+          return acc
+        },
+        { distance: Infinity, entity: null }
+      )
       return nearest
     }
 
@@ -105,7 +100,9 @@ async function auth (app, opts) {
         const newRule = { ...rule, entity: ruleEntity, entities: undefined }
         if (!app.platformatic.entities[newRule.entity]) {
           const nearest = findNearestEntity(ruleEntity)
-          throw new Error(`Unknown entity '${ruleEntity}' in authorization rule ${i}. Did you mean '${nearest.entity}'?`)
+          throw new Error(
+            `Unknown entity '${ruleEntity}' in authorization rule ${i}. Did you mean '${nearest.entity}'?`
+          )
         }
 
         if (!entityRules[ruleEntity]) {
@@ -131,7 +128,9 @@ async function auth (app, opts) {
           }
           const keys = Object.keys(checks)
           if (keys.length !== 1) {
-            throw new Error(`Subscription requires that the role "${rule.role}" has only one check in the find rule for entity "${rule.entity}"`)
+            throw new Error(
+              `Subscription requires that the role "${rule.role}" has only one check in the find rule for entity "${rule.entity}"`
+            )
           }
           const key = keys[0]
 
@@ -153,7 +152,7 @@ async function auth (app, opts) {
           role: PLT_ADMIN_ROLE,
           find: true,
           save: true,
-          delete: true,
+          delete: true
         })
       }
 
@@ -219,7 +218,7 @@ async function auth (app, opts) {
             const found = await type.find({
               where,
               ctx,
-              fields,
+              fields
             })
 
             if (found.length === 0) {
@@ -311,7 +310,7 @@ async function auth (app, opts) {
           }
 
           return originalTopic
-        },
+        }
       })
     }
   })
@@ -333,19 +332,19 @@ async function fromRuleToWhere (ctx, rule, where, user) {
       for (const key of Object.keys(checks)) {
         const clauses = checks[key]
         if (typeof clauses === 'string') {
-        // case: "userId": "X-PLATFORMATIC-USER-ID"
+          // case: "userId": "X-PLATFORMATIC-USER-ID"
           where[key] = {
-            eq: request.user[clauses],
+            eq: request.user[clauses]
           }
         } else {
-        // case:
-        // userId: {
-        //   eq: 'X-PLATFORMATIC-USER-ID'
-        // }
+          // case:
+          // userId: {
+          //   eq: 'X-PLATFORMATIC-USER-ID'
+          // }
           for (const clauseKey of Object.keys(clauses)) {
             const clause = clauses[clauseKey]
             where[key] = {
-              [clauseKey]: request.user[clause],
+              [clauseKey]: request.user[clause]
             }
           }
         }
@@ -412,10 +411,9 @@ function checkInputFromRuleFields (rule, inputs) {
 
 function checkSaveMandatoryFieldsInRules (type, rules) {
   // List of not nullable, not PKs field to validate save/insert when allowed fields are specified on the rule
-  const mandatoryFields =
-    Object.values(type.fields)
-      .filter(k => (!k.isNullable && !k.primaryKey))
-      .map(({ camelcase }) => (camelcase))
+  const mandatoryFields = Object.values(type.fields)
+    .filter(k => !k.isNullable && !k.primaryKey)
+    .map(({ camelcase }) => camelcase)
 
   for (const rule of rules) {
     const { entity, save } = rule
@@ -430,5 +428,5 @@ function checkSaveMandatoryFieldsInRules (type, rules) {
   }
 }
 
-module.exports = fp(auth)
-module.exports.errors = errors
+export default fp(auth)
+export * as errors from './lib/errors.js'

package/lib/errors.js

@@ -1,11 +1,10 @@
-'use strict'
+import createError from '@fastify/error'
 
-const createError = require('@fastify/error')
+export const ERROR_PREFIX = 'PLT_DB_AUTH'
 
-const ERROR_PREFIX = 'PLT_DB_AUTH'
-
-module.exports = {
-  Unauthorized: createError(`${ERROR_PREFIX}_UNAUTHORIZED`, 'operation not allowed', 401),
-  UnauthorizedField: createError(`${ERROR_PREFIX}_FIELD_UNAUTHORIZED`, 'field not allowed: %s', 401),
-  MissingNotNullableError: createError(`${ERROR_PREFIX}_NOT_NULLABLE_MISSING`, 'missing not nullable field: "%s" in save rule for entity "%s"'),
-}
+export const Unauthorized = createError(`${ERROR_PREFIX}_UNAUTHORIZED`, 'operation not allowed', 401)
+export const UnauthorizedField = createError(`${ERROR_PREFIX}_FIELD_UNAUTHORIZED`, 'field not allowed: %s', 401)
+export const MissingNotNullableError = createError(
+  `${ERROR_PREFIX}_NOT_NULLABLE_MISSING`,
+  'missing not nullable field: "%s" in save rule for entity "%s"'
+)

package/lib/find-rule.js

@@ -1,6 +1,4 @@
-'use strict'
-
-function findRule (rules, roles) {
+export function findRule (rules, roles) {
   let found = null
   for (const rule of rules) {
     for (const role of roles) {
@@ -15,5 +13,3 @@ function findRule (rules, roles) {
   }
   return found
 }
-
-module.exports = findRule

package/{schema.js → lib/schema.js}

@@ -1,23 +1,19 @@
-'use strict'
-
-const AuthSchema = {
+export const AuthSchema = {
   $id: '/BasegraphAuth',
   type: 'object',
   properties: {
     adminSecret: {
       type: 'string',
-      description: 'The password should be used to access routes under /_admin prefix.',
+      description: 'The password should be used to access routes under /_admin prefix.'
     },
     roleKey: {
       type: 'string',
-      description: 'The key in the user object that contains the roles.',
+      description: 'The key in the user object that contains the roles.'
     },
     rolePath: {
       type: 'string',
-      description: 'The path in the user object that contains the roles.',
-    },
+      description: 'The path in the user object that contains the roles.'
+    }
   },
-  additionalProperties: true, // TODO remove and add proper validation for the rules
+  additionalProperties: true // TODO remove and add proper validation for the rules
 }
-
-module.exports = AuthSchema

package/lib/utils.js

@@ -1,13 +1,11 @@
-'use strict'
-
-function getRequestFromContext (ctx) {
+export function getRequestFromContext (ctx) {
   if (ctx && !ctx.reply) {
     throw new Error('Missing reply in context. You should call this function with { ctx: { reply }}')
   }
   return ctx.reply.request
 }
 
-function getRoles (request, roleKey, anonymousRole, isRolePath = false) {
+export function getRoles (request, roleKey, anonymousRole, isRolePath = false) {
   let output = []
   const user = request.user
   if (!user) {
@@ -37,7 +35,3 @@ function getRoles (request, roleKey, anonymousRole, isRolePath = false) {
 
   return output
 }
-module.exports = {
-  getRequestFromContext,
-  getRoles,
-}

package/package.json

@@ -1,31 +1,31 @@
 {
   "name": "@platformatic/db-authorization",
-  "version": "3.4.1",
+  "version": "3.5.1",
   "description": "",
   "main": "index.js",
+  "type": "module",
   "types": "index.d.ts",
-  "author": "Matteo Collina <hello@matteocollina.com>",
+  "author": "Platformatic Inc. <oss@platformatic.dev> (https://platformatic.dev)",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/platformatic/platformatic.git"
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@fastify/cookie": "^10.0.0",
+    "@fastify/cookie": "^11.0.0",
     "@fastify/session": "^11.0.0",
-    "@matteo.collina/tspl": "^0.1.1",
-    "borp": "^0.17.0",
+    "cleaner-spec-reporter": "^0.5.0",
     "eslint": "9",
-    "fast-jwt": "^4.0.0",
+    "fast-jwt": "^5.0.0",
     "fastify": "^5.0.0",
-    "neostandard": "^0.11.1",
-    "tsd": "^0.31.0",
+    "get-jwks": "^11.0.0",
+    "neostandard": "^0.12.0",
+    "tsd": "^0.33.0",
     "typescript": "^5.5.4",
     "why-is-node-running": "^2.2.2",
     "ws": "^8.16.0",
-    "get-jwks": "^9.0.1",
-    "@platformatic/db-core": "3.4.1",
-    "@platformatic/sql-mapper": "3.4.1"
+    "@platformatic/sql-mapper": "3.5.1",
+    "@platformatic/db-core": "3.5.1"
   },
   "dependencies": {
     "@fastify/error": "^4.0.0",
@@ -33,13 +33,17 @@
     "fastify-plugin": "^5.0.0",
     "fastify-user": "^1.0.2",
     "leven": "~3.1.0",
-    "undici": "^6.9.0"
+    "undici": "^7.0.0"
   },
   "tsd": {
     "directory": "test/types"
   },
+  "engines": {
+    "node": ">=22.19.0"
+  },
   "scripts": {
-    "test": "pnpm run lint && borp --concurrency=1 --timeout=180000 && tsd",
+    "test": "node --test --test-reporter=cleaner-spec-reporter --test-concurrency=1 --test-timeout=2000000 test/*.test.js test/**/*.test.js",
+    "posttest": "tsd",
     "lint": "eslint"
   }
 }