npm - @rapidd/build - Versions diffs - 1.0.6 → 1.0.8 - Mend

@rapidd/build 1.0.6 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/bin/cli.js +3 -3
package/package.json +1 -1
package/src/commands/build.js +276 -115
package/src/generators/{rlsGeneratorV2.js → aclGenerator.js} +29 -34
package/src/generators/routeGenerator.js +2 -6
package/src/generators/rlsGenerator.js +0 -341

package/bin/cli.js CHANGED Viewed

@@ -17,9 +17,9 @@ program
   .option('-s, --schema <path>', 'Path to Prisma schema file', process.env.PRISMA_SCHEMA_PATH || './prisma/schema.prisma')
   .option('-o, --output <path>', 'Output base directory', './')
   .option('-m, --model <name>', 'Generate/update only specific model (e.g., "account", "user")')
-  .option('--only <component>', 'Generate only specific component: "model", "route", "rls", or "relationship"')
-  .option('--user-table <name>', 'Name of the user table for RLS (default: auto-detect from user/users)')
-  .option('--debug', 'Enable debug mode (generates rls-mappings.json)')
+  .option('--only <component>', 'Generate only specific component: "model", "route", "acl", or "relationship"')
+  .option('--user-table <name>', 'Name of the user table for ACL (default: auto-detect from user/users)')
+  .option('--debug', 'Enable debug mode (generates acl-mappings.json)')
   .action(async (options) => {
     try {
       await buildModels(options);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rapidd/build",
-  "version": "1.0.6",
+  "version": "1.0.8",
   "description": "Dynamic code generator that transforms Prisma schemas into Express.js CRUD APIs with PostgreSQL RLS-to-JavaScript translation",
   "main": "index.js",
   "bin": {

package/src/commands/build.js CHANGED Viewed

@@ -3,7 +3,7 @@ const path = require('path');
 const { parsePrismaSchema, parsePrismaDMMF } = require('../parsers/prismaParser');
 const { generateAllModels } = require('../generators/modelGenerator');
 const { generateRelationshipsFromDMMF, generateRelationshipsFromSchema } = require('../generators/relationshipsGenerator');
-const { generateRLS } = require('../generators/rlsGeneratorV2');
+const { generateACL } = require('../generators/aclGenerator');
 const { parseDatasource } = require('../parsers/datasourceParser');
 const { generateAllRoutes } = require('../generators/routeGenerator');
@@ -11,8 +11,8 @@ const { generateAllRoutes } = require('../generators/routeGenerator');
  * Generate src/Model.js base class file
  */
 function generateBaseModelFile(modelJsPath) {
-  const content = `const { QueryBuilder, prisma } = require("./QueryBuilder");
-const {rls} = require('../rapidd/rapidd');
+  const content = `const { QueryBuilder, prisma, prismaTransaction } = require("./QueryBuilder");
+const {acl} = require('../rapidd/rapidd');
 const {ErrorResponse} = require('./Api');
 class Model {
@@ -23,7 +23,7 @@ class Model {
     constructor(name, options){
         this.modelName = name;
         this.queryBuilder = new QueryBuilder(name);
-        this.rls = rls.model[name] || {};
+        this.acl = acl.model[name] || {};
         this.options = options || {}
         this.user = this.options.user || {'id': 1, 'role': 'application'};
         this.user_id = this.user ? this.user.id : null;
@@ -32,12 +32,11 @@ class Model {
     _select = (fields) => this.queryBuilder.select(fields);
     _filter = (q) => this.queryBuilder.filter(q);
     _include = (include) => this.queryBuilder.include(include, this.user);
-    // RLS METHODS
-    _canCreate = () => this.rls?.canCreate?.(this.user);
-    _hasAccess = (data) => this.rls?.hasAccess?.(data, this.user) || false;
-    _getAccessFilter = () => this.rls?.getAccessFilter?.(this.user);
-    _getUpdateFilter = () => this.rls?.getUpdateFilter?.(this.user);
-    _getDeleteFilter = () => this.rls?.getDeleteFilter?.(this.user);
+    // ACL METHODS
+    _canCreate = () => this.acl.canCreate(this.user);
+    _getAccessFilter = () => this.acl.getAccessFilter?.(this.user);
+    _getUpdateFilter = () => this.acl.getUpdateFilter(this.user);
+    _getDeleteFilter = () => this.acl.getDeleteFilter(this.user);
     _omit = () => this.queryBuilder.omit(this.user);
     /**
@@ -61,15 +60,21 @@ class Model {
         }
         // Query the database using Prisma with filters, pagination, and limits
-        return await this.prisma.findMany({
-            'where': this.filter(q),
-            'include': this.include(include),
-            'take': take,
-            'skip': skip,
-            'orderBy': this.sort(sortBy, sortOrder),
-            'omit': this._omit(),
-            ...options
-        });
+        const [data, total] = await prismaTransaction([
+            (tx) => tx[this.name].findMany({
+                'where': this.filter(q),
+                'include': this.include(include),
+                'take': take,
+                'skip': skip,
+                'orderBy': this.sort(sortBy, sortOrder),
+                'omit': this._omit(),
+                ...options
+            }),
+            (tx) => tx[this.name].count({
+                'where': this.filter(q)
+            })
+        ]);
+        return {data, total};
     }
     /**
      * @param {number} id
@@ -288,15 +293,6 @@ class Model {
         return this._getAccessFilter();
     }
-    /**
-     *
-     * @param {*} data
-     * @returns {boolean}
-     */
-    hasAccess(data) {
-        return this.user.role == "application" ? true : this._hasAccess(data, this.user);
-    }
     /**
      * Check if user can create records
      * @returns {boolean}
@@ -307,7 +303,7 @@ class Model {
     }
     /**
-     * Get update filter for RLS
+     * Get update filter for ACL
      * @returns {Object|false}
      */
     getUpdateFilter(){
@@ -319,7 +315,7 @@ class Model {
     }
     /**
-     * Get delete filter for RLS
+     * Get delete filter for ACL
      * @returns {Object|false}
      */
     getDeleteFilter(){
@@ -355,99 +351,259 @@ module.exports = {Model, QueryBuilder, prisma};
 /**
  * Generate rapidd/rapidd.js file
+ * @param {string} rapiddJsPath - Path to rapidd.js
+ * @param {boolean} isPostgreSQL - Whether the database is PostgreSQL
  */
-function generateRapiddFile(rapiddJsPath) {
-  const content = `const { PrismaClient } = require('../prisma/client');
+function generateRapiddFile(rapiddJsPath, isPostgreSQL = true) {
+  let content;
+  if (isPostgreSQL) {
+    // PostgreSQL version with RLS support
+    content = `const { PrismaClient } = require('../prisma/client');
 const { AsyncLocalStorage } = require('async_hooks');
-const rls = require('./rls');
+const acl = require('./acl');
 // Request Context Storage
 const requestContext = new AsyncLocalStorage();
 // RLS Configuration aus Environment Variables
 const RLS_CONFIG = {
-  namespace: process.env.RLS_NAMESPACE || 'app',
-  userId: process.env.RLS_USER_ID || 'current_user_id',
-  userRole: process.env.RLS_USER_ROLE || 'current_user_role',
+    namespace: process.env.RLS_NAMESPACE || 'app',
+    userId: process.env.RLS_USER_ID || 'current_user_id',
+    userRole: process.env.RLS_USER_ROLE || 'current_user_role',
 };
 // Basis Prisma Client
 const basePrisma = new PrismaClient({
-  log: process.env.NODE_ENV === 'development' ? ['query', 'error', 'warn'] : ['error'],
+    log: process.env.NODE_ENV === 'development' ? ['query', 'error', 'warn'] : ['error'],
 });
 /**
- * Setze RLS Session Variables in PostgreSQL
+ * FIXED: Setze RLS Session Variables in PostgreSQL
+ * Execute each SET command separately to avoid prepared statement error
  */
 async function setRLSVariables(tx, userId, userRole) {
     const namespace = RLS_CONFIG.namespace;
     const userIdVar = RLS_CONFIG.userId;
     const userRoleVar = RLS_CONFIG.userRole;
-    await tx.$executeRawUnsafe(\`SET LOCAL \${namespace}.\${userIdVar} = '\${userId}'\`);
-    await tx.$executeRawUnsafe(\`SET LOCAL \${namespace}.\${userRoleVar} = '\${userRole}'\`);
+    // Execute SET commands separately (PostgreSQL doesn't allow multiple commands in prepared statements)
+    await tx.$executeRawUnsafe(\`SET LOCAL "\${namespace}"."\${userIdVar}" = '\${userId}'\`);
+    await tx.$executeRawUnsafe(\`SET LOCAL "\${namespace}"."\${userRoleVar}" = '\${userRole}'\`);
 }
-// Erweiterter Prisma mit automatischer RLS
+// FIXED: Erweiterter Prisma mit automatischer RLS
 const prisma = basePrisma.$extends({
-  query: {
-    async $allOperations({ args, query }) {
-      const context = requestContext.getStore();
+    query: {
+        async $allOperations({ operation, args, query, model }) {
+            const context = requestContext.getStore();
-      // Kein Context = keine RLS (z.B. System-Operationen)
-      if (!context?.userId || !context?.userRole) {
-        return query(args);
-      }
+            // Kein Context = keine RLS (z.B. System-Operationen)
+            if (!context?.userId || !context?.userRole) {
+                return query(args);
+            }
+            const { userId, userRole } = context;
-      const { userId, userRole } = context;
+            // IMPORTANT: The entire operation must happen in ONE transaction
+            // We need to wrap the ENTIRE query execution in a single transaction
-      // Query in Transaction mit RLS ausführen
-      return basePrisma.$transaction(async (tx) => {
-        // Session-Variablen setzen
-        await setRLSVariables(tx, userId, userRole);
+            // For operations that are already transactions, just set the variables
+            if (operation === '$transaction') {
+                return basePrisma.$transaction(async (tx) => {
+                    await setRLSVariables(tx, userId, userRole);
+                    return query(args);
+                });
+            }
-        // Original Query ausführen
-        return query(args);
-      });
+            // For regular operations, wrap in transaction with RLS
+            return basePrisma.$transaction(async (tx) => {
+                // Set session variables
+                await setRLSVariables(tx, userId, userRole);
+                // Execute the original query using the transaction client
+                // This is the key: we need to use the transaction client for the query
+                if (model) {
+                    // Model query (e.g., user.findMany())
+                    return tx[model][operation](args);
+                } else {
+                    // Raw query or special operation
+                    return tx[operation](args);
+                }
+            });
+        },
     },
-  },
 });
+// Helper for batch operations in single transaction
+async function prismaTransaction(operations) {
+    const context = requestContext.getStore();
+    if (!context?.userId || !context?.userRole) {
+        return Promise.all(operations);
+    }
+    return basePrisma.$transaction(async (tx) => {
+        await setRLSVariables(tx, context.userId, context.userRole);
+        return Promise.all(operations.map(op => op(tx)));
+    });
+}
+// Alternative approach: Manual transaction wrapper
+class PrismaWithRLS {
+    constructor() {
+        this.client = basePrisma;
+    }
+    /**
+     * Execute any Prisma operation with RLS context
+     */
+    async withRLS(userId, userRole, callback) {
+        return this.client.$transaction(async (tx) => {
+            // Execute SET commands separately to avoid prepared statement error
+            await tx.$executeRawUnsafe(\`SET LOCAL app.current_user_id = '\${userId}'\`);
+            await tx.$executeRawUnsafe(\`SET LOCAL app.current_user_role = '\${userRole}'\`);
+            // Execute callback with transaction client
+            return callback(tx);
+        });
+    }
+    /**
+     * Get a proxy client for a specific user
+     * This wraps ALL operations in RLS context
+     */
+    forUser(userId, userRole) {
+        const withRLS = this.withRLS.bind(this);
+        const client = this.client;
+        return new Proxy({}, {
+            get(target, model) {
+                // Return a proxy for the model
+                return new Proxy({}, {
+                    get(modelTarget, operation) {
+                        // Return a function that wraps the operation
+                        return async (args) => {
+                            return withRLS(userId, userRole, async (tx) => {
+                                return tx[model][operation](args);
+                            });
+                        };
+                    }
+                });
+            }
+        });
+    }
+}
+const prismaWithRLS = new PrismaWithRLS();
+/**
+ * Express Middleware: Set RLS context from authenticated user
+ */
+function setRLSContext(req, res, next) {
+    if (req.user) {
+        // Set context for async operations
+        requestContext.run(
+            {
+                userId: req.user.id,
+                userRole: req.user.role
+            },
+            () => next()
+        );
+    } else {
+        next();
+    }
+}
 /**
  * Helper: System-Operationen ohne RLS (für Cron-Jobs, etc.)
  */
 async function withSystemAccess(callback) {
-  return requestContext.run(
-    { userId: 'system', userRole: 'ADMIN' },
-    callback
-  );
+    // For system access, we might not want RLS at all
+    // So we use the base client directly
+    return callback(basePrisma);
 }
 /**
  * Helper: Als bestimmter User ausführen (für Tests)
  */
 async function withUser(userId, userRole, callback) {
-  return requestContext.run({ userId, userRole }, callback);
+    return requestContext.run({ userId, userRole }, () => callback());
+}
+/**
+ * Helper: Direct transaction with RLS for complex operations
+ */
+async function transactionWithRLS(userId, userRole, callback) {
+    return basePrisma.$transaction(async (tx) => {
+        // Set RLS context for this transaction - execute separately
+        await tx.$executeRawUnsafe(\`SET LOCAL app.current_user_id = '\${userId}'\`);
+        await tx.$executeRawUnsafe(\`SET LOCAL app.current_user_role = '\${userRole}'\`);
+        // Execute callback with transaction client
+        return callback(tx);
+    });
 }
 /**
  * Helper: Hole RLS Config (für SQL Generation)
  */
 function getRLSConfig() {
-  return RLS_CONFIG;
+    return RLS_CONFIG;
 }
+// Example usage in route
+/*
+app.get('/api/users', authenticateUser, setRLSContext, async (req, res) => {
+    // Option 1: Using extended prisma (automatic RLS)
+    const users = await prisma.user.findMany();
+    // Option 2: Using manual transaction
+    const users = await transactionWithRLS(req.user.id, req.user.role, async (tx) => {
+        return tx.user.findMany();
+    });
+    // Option 3: Using forUser helper
+    const userPrisma = prismaWithRLS.forUser(req.user.id, req.user.role);
+    const users = await userPrisma.user.findMany();
+    res.json(users);
+});
+*/
+module.exports = {
+    prisma,
+    prismaTransaction,
+    basePrisma, // Export base for auth operations that don't need RLS
+    PrismaClient,
+    requestContext,
+    setRLSContext,
+    withSystemAccess,
+    withUser,
+    transactionWithRLS,
+    prismaWithRLS,
+    getRLSConfig,
+    setRLSVariables,
+    acl
+};
+`;
+  } else {
+    // Non-PostgreSQL version (MySQL, SQLite, etc.) - simplified without RLS
+    content = `const { PrismaClient } = require('../prisma/client');
+const acl = require('./acl');
+// Standard Prisma Client
+const prisma = new PrismaClient({
+    log: process.env.NODE_ENV === 'development' ? ['query', 'error', 'warn'] : ['error'],
+});
 module.exports = {
-  prisma,
-  PrismaClient,
-  requestContext,
-  withSystemAccess,
-  withUser,
-  getRLSConfig,
-  setRLSVariables,
-  rls
+    prisma,
+    PrismaClient,
+    acl
 };
 `;
+  }
   // Ensure rapidd directory exists
   const rapiddDir = path.dirname(rapiddJsPath);
@@ -514,14 +670,14 @@ async function updateRelationshipsForModel(filteredModels, relationshipsPath, pr
 }
 /**
- * Update rls.js for a specific model
+ * Update acl.js for a specific model
  */
-async function updateRLSForModel(filteredModels, allModels, rlsPath, datasource, userTable, relationships, debug = false) {
-  const { generateRLS } = require('../generators/rlsGeneratorV2');
+async function updateACLForModel(filteredModels, allModels, aclPath, datasource, userTable, relationships, debug = false) {
+  const { generateACL } = require('../generators/aclGenerator');
-  // Generate RLS for the filtered model (but pass all models for user table detection)
-  const tempPath = rlsPath + '.tmp';
-  await generateRLS(
+  // Generate ACL for the filtered model (but pass all models for user table detection)
+  const tempPath = aclPath + '.tmp';
+  await generateACL(
     filteredModels,
     tempPath,
     datasource.url,
@@ -532,11 +688,11 @@ async function updateRLSForModel(filteredModels, allModels, rlsPath, datasource,
     allModels
   );
-  // Read the generated RLS for the specific model
+  // Read the generated ACL for the specific model
   const tempContent = fs.readFileSync(tempPath, 'utf8');
   fs.unlinkSync(tempPath);
-  // Extract the model's RLS configuration
+  // Extract the model's ACL configuration
   const modelName = Object.keys(filteredModels)[0];
   // Find the start of the model definition
@@ -573,44 +729,43 @@ async function updateRLSForModel(filteredModels, allModels, rlsPath, datasource,
       if (braceCount === 0) {
         // Found the closing brace
-        const modelRls = tempContent.substring(modelStart, i + 1);
         break;
       }
     }
   }
   if (braceCount !== 0) {
-    throw new Error(`Could not extract RLS for model ${modelName} - unmatched braces`);
+    throw new Error(`Could not extract ACL for model ${modelName} - unmatched braces`);
   }
-  const modelRls = tempContent.substring(modelStart, i + 1);
+  const modelAcl = tempContent.substring(modelStart, i + 1);
-  // Read existing rls.js
-  if (fs.existsSync(rlsPath)) {
-    let existingContent = fs.readFileSync(rlsPath, 'utf8');
+  // Read existing acl.js
+  if (fs.existsSync(aclPath)) {
+    let existingContent = fs.readFileSync(aclPath, 'utf8');
-    // Check if model already exists in RLS
+    // Check if model already exists in ACL
     const existingModelPattern = new RegExp(`${modelName}:\\s*\\{[\\s\\S]*?\\n    \\}(?=,|\\n)`);
     if (existingModelPattern.test(existingContent)) {
-      // Replace existing model RLS
-      existingContent = existingContent.replace(existingModelPattern, modelRls);
+      // Replace existing model ACL
+      existingContent = existingContent.replace(existingModelPattern, modelAcl);
     } else {
-      // Add new model RLS before the closing of rls.model
+      // Add new model ACL before the closing of acl.model
       // Find the last closing brace of a model object and add comma after it
       existingContent = existingContent.replace(
         /(\n    \})\n(\};)/,
-        `$1,\n    ${modelRls}\n$2`
+        `$1,\n    ${modelAcl}\n$2`
       );
     }
-    fs.writeFileSync(rlsPath, existingContent);
+    fs.writeFileSync(aclPath, existingContent);
     console.log(`✓ Updated RLS for model: ${modelName}`);
   } else {
-    // If rls.js doesn't exist, create it with just this model
-    await generateRLS(
+    // If acl.js doesn't exist, create it with just this model
+    await generateACL(
       filteredModels,
-      rlsPath,
+      aclPath,
       datasource.url,
       datasource.isPostgreSQL,
       userTable,
@@ -642,7 +797,7 @@ async function buildModels(options) {
   const modelJsPath = path.join(srcDir, 'Model.js');
   const rapiddDir = path.join(baseDir, 'rapidd');
   const relationshipsPath = path.join(rapiddDir, 'relationships.json');
-  const rlsPath = path.join(rapiddDir, 'rls.js');
+  const aclPath = path.join(rapiddDir, 'acl.js');
   const rapiddJsPath = path.join(rapiddDir, 'rapidd.js');
   const routesDir = path.join(baseDir, 'routes', 'api', 'v1');
   const logsDir = path.join(baseDir, 'logs');
@@ -718,13 +873,13 @@ async function buildModels(options) {
   const shouldGenerate = {
     model: !options.only || options.only === 'model',
     route: !options.only || options.only === 'route',
-    rls: !options.only || options.only === 'rls',
+    acl: !options.only || options.only === 'acl',
     relationship: !options.only || options.only === 'relationship'
   };
   // Validate --only option
-  if (options.only && !['model', 'route', 'rls', 'relationship'].includes(options.only)) {
-    throw new Error(`Invalid --only value "${options.only}". Must be one of: model, route, rls, relationship`);
+  if (options.only && !['model', 'route', 'acl', 'relationship'].includes(options.only)) {
+    throw new Error(`Invalid --only value "${options.only}". Must be one of: model, route, acl, relationship`);
   }
   // Generate model files
@@ -738,10 +893,18 @@ async function buildModels(options) {
     generateBaseModelFile(modelJsPath);
   }
+  // Parse datasource to determine database type
+  let datasource = { isPostgreSQL: true };  // Default to PostgreSQL
+  try {
+    datasource = parseDatasource(schemaPath);
+  } catch (error) {
+    console.warn('Could not parse datasource, assuming PostgreSQL:', error.message);
+  }
   // Generate rapidd/rapidd.js if it doesn't exist
   if (!fs.existsSync(rapiddJsPath)) {
     console.log('Generating rapidd/rapidd.js...');
-    generateRapiddFile(rapiddJsPath);
+    generateRapiddFile(rapiddJsPath, datasource.isPostgreSQL);
   }
   // Generate relationships.json
@@ -767,9 +930,9 @@ async function buildModels(options) {
     }
   }
-  // Generate RLS configuration
-  if (shouldGenerate.rls) {
-    console.log(`\nGenerating RLS configuration...`);
+  // Generate ACL configuration
+  if (shouldGenerate.acl) {
+    console.log(`\nGenerating ACL configuration...`);
     // Load relationships for Prisma filter building
     let relationships = {};
@@ -782,21 +945,19 @@ async function buildModels(options) {
     }
     try {
-      // Parse datasource from Prisma schema to get database URL
-      const datasource = parseDatasource(schemaPath);
-      // For non-PostgreSQL databases (MySQL, SQLite, etc.), generate permissive RLS
+      // For non-PostgreSQL databases (MySQL, SQLite, etc.), generate permissive ACL
       if (!datasource.isPostgreSQL) {
-        console.log(`${datasource.provider || 'Non-PostgreSQL'} database detected - generating permissive RLS...`);
-        await generateRLS(models, rlsPath, null, false, options.userTable, relationships, options.debug);
+        console.log(`${datasource.provider || 'Non-PostgreSQL'} database detected - generating permissive ACL...`);
+        await generateACL(models, aclPath, null, false, options.userTable, relationships, options.debug);
       } else if (options.model) {
-        // Update only specific model in rls.js
-        await updateRLSForModel(filteredModels, models, rlsPath, datasource, options.userTable, relationships, options.debug);
+        // Update only specific model in acl.js
+        await updateACLForModel(filteredModels, models, aclPath, datasource, options.userTable, relationships, options.debug);
       } else {
-        // Generate RLS for all models
-        await generateRLS(
+        // Generate ACL for all models
+        await generateACL(
           models,
-          rlsPath,
+          aclPath,
           datasource.url,
           datasource.isPostgreSQL,
           options.userTable,
@@ -805,10 +966,10 @@ async function buildModels(options) {
         );
       }
     } catch (error) {
-      console.error('Failed to generate RLS:', error.message);
-      console.log('Generating permissive RLS fallback...');
+      console.error('Failed to generate ACL:', error.message);
+      console.log('Generating permissive ACL fallback...');
       // Pass null for URL and false for isPostgreSQL to skip database connection
-      await generateRLS(models, rlsPath, null, false, options.userTable, relationships, options.debug);
+      await generateACL(models, aclPath, null, false, options.userTable, relationships, options.debug);
     }
   }

package/src/generators/{rlsGeneratorV2.js → aclGenerator.js} RENAMED Viewed

@@ -30,7 +30,7 @@ function detectUserTable(models, userTableOption) {
 }
 /**
- * Extract RLS policies from PostgreSQL
+ * Extract ACL policies from PostgreSQL RLS
  */
 async function extractPostgreSQLPolicies(databaseUrl, models) {
   const client = new Client({ connectionString: databaseUrl });
@@ -48,7 +48,7 @@ async function extractPostgreSQLPolicies(databaseUrl, models) {
       policies[modelName] = [];
     }
-    // Query all RLS policies from pg_policies
+    // Query all policies from PostgreSQL RLS (pg_policies)
     const result = await client.query(`
       SELECT
         tablename,
@@ -92,16 +92,15 @@ async function extractPostgreSQLPolicies(databaseUrl, models) {
 }
 /**
- * Generate RLS functions for a single model from PostgreSQL policies
+ * Generate ACL functions for a single model from PostgreSQL policies
  */
-function generateModelRLS(modelName, policies, converter) {
+function generateModelACL(modelName, policies, converter) {
   const hasPolicies = policies && policies.length > 0;
   if (!hasPolicies) {
-    // No RLS policies - generate permissive access
+    // No policies - generate permissive access
     return `    ${modelName}: {
         canCreate: (user) => true,
-        hasAccess: (data, user) => true,
         getAccessFilter: (user) => ({}),
         getUpdateFilter: (user) => ({}),
         getDeleteFilter: (user) => ({}),
@@ -117,7 +116,6 @@ function generateModelRLS(modelName, policies, converter) {
   // Generate each function
   const canCreateCode = generateFunction(insertPolicies, 'withCheck', converter, modelName);
-  const hasAccessCode = generateFunction(selectPolicies, 'using', converter, modelName);
   const accessFilterCode = generateFilter(selectPolicies, 'using', converter, modelName);
   let updateFilterCode = generateFilter(updatePolicies, 'using', converter, modelName);
   let deleteFilterCode = generateFilter(deletePolicies, 'using', converter, modelName);
@@ -136,9 +134,6 @@ function generateModelRLS(modelName, policies, converter) {
         canCreate: (user) => {
             ${canCreateCode}
         },
-        hasAccess: (data, user) => {
-            ${hasAccessCode}
-        },
         getAccessFilter: (user) => {
             ${accessFilterCode}
         },
@@ -173,7 +168,7 @@ function generateFunction(policies, expressionField, converter, modelName) {
         console.log(`✓ Policy '${policy.name}': ${expr.substring(0, 50)}... -> ${jsExpr.substring(0, 80)}`);
         conditions.push(jsExpr);
       } catch (e) {
-        console.warn(`⚠ Failed to convert RLS policy '${policy.name}' for ${modelName}: ${e.message}`);
+        console.warn(`⚠ Failed to convert policy '${policy.name}' for ${modelName}: ${e.message}`);
         console.warn(`  SQL: ${expr}`);
         conditions.push(`true /* TODO: Manual conversion needed for policy '${policy.name}' */`);
       }
@@ -221,7 +216,7 @@ function generateFilter(policies, expressionField, converter, modelName) {
           hasDataFilter: prismaFilter !== '{}'
         });
       } catch (e) {
-        console.warn(`⚠ Failed to convert RLS filter policy '${policy.name}' for ${modelName}: ${e.message}`);
+        console.warn(`⚠ Failed to convert filter policy '${policy.name}' for ${modelName}: ${e.message}`);
         console.warn(`  SQL: ${expr}`);
         // On error, skip filter (fail-safe - no access)
       }
@@ -298,9 +293,9 @@ function buildConditionalFilter(filtersWithRoles) {
 }
 /**
- * Generate complete rls.js file
+ * Generate complete acl.js file
  */
-async function generateRLS(models, outputPath, databaseUrl, isPostgreSQL, userTableOption, relationships = {}, debug = false, allModels = null) {
+async function generateACL(models, outputPath, databaseUrl, isPostgreSQL, userTableOption, relationships = {}, debug = false, allModels = null) {
   // Use allModels for user table detection if provided (when filtering by model)
   const modelsForUserDetection = allModels || models;
   const userTable = detectUserTable(modelsForUserDetection, userTableOption);
@@ -309,7 +304,7 @@ async function generateRLS(models, outputPath, databaseUrl, isPostgreSQL, userTa
   let policies = {};
   const timestamp = new Date().toISOString();
-  let rlsCode = `const rls = {\n    model: {},\n    lastUpdateDate: '${timestamp}'\n};\n\n`;
+  let aclCode = `const acl = {\n    model: {},\n    lastUpdateDate: '${timestamp}'\n};\n\n`;
   // Create enhanced converter with analyzed functions, models, and relationships
   let converter = createEnhancedConverter({}, {}, models, relationships);
@@ -332,15 +327,15 @@ async function generateRLS(models, outputPath, databaseUrl, isPostgreSQL, userTa
       // Save function analysis for debugging (only if --debug flag is set)
       if (debug) {
-        const configPath = path.join(path.dirname(outputPath), 'rls-mappings.json');
+        const configPath = path.join(path.dirname(outputPath), 'acl-mappings.json');
         const mappingConfig = generateMappingConfig(functionAnalysis);
         fs.writeFileSync(configPath, JSON.stringify(mappingConfig, null, 2));
         console.log(`✓ Function mappings saved to ${configPath}`);
       }
-      // Also add user context requirements as a comment in rls.js
+      // Also add user context requirements as a comment in acl.js
       if (Object.keys(functionAnalysis.userContextRequirements).length > 0) {
-        rlsCode = `/**
+        aclCode = `/**
  * User Context Requirements:
  * The user object should contain:
 ${Object.entries(functionAnalysis.userContextRequirements)
@@ -348,7 +343,7 @@ ${Object.entries(functionAnalysis.userContextRequirements)
   .join('\n')}
  */
-` + rlsCode;
+` + aclCode;
       }
     } catch (error) {
       console.warn(`⚠ Could not analyze functions: ${error.message}`);
@@ -358,32 +353,32 @@ ${Object.entries(functionAnalysis.userContextRequirements)
     try {
       policies = await extractPostgreSQLPolicies(databaseUrl, models);
       const totalPolicies = Object.values(policies).reduce((sum, p) => sum + p.length, 0);
-      console.log(`✓ Extracted ${totalPolicies} RLS policies from PostgreSQL`);
+      console.log(`✓ Extracted ${totalPolicies} policies from PostgreSQL RLS`);
     } catch (error) {
-      console.warn(`⚠ Failed to extract PostgreSQL RLS: ${error.message}`);
-      console.log('Generating permissive RLS for all models...');
+      console.warn(`⚠ Failed to extract PostgreSQL policies: ${error.message}`);
+      console.log('Generating permissive ACL for all models...');
       for (const modelName of modelNames) {
         policies[modelName] = [];
       }
     }
   } else {
     if (!isPostgreSQL) {
-      console.log('Non-PostgreSQL database detected - RLS not supported');
+      console.log('Non-PostgreSQL database detected - generating permissive ACL');
     }
-    console.log('Generating permissive RLS for all models...');
+    console.log('Generating permissive ACL for all models...');
     for (const modelName of modelNames) {
       policies[modelName] = [];
     }
   }
-  // Generate RLS for each model
-  rlsCode += 'rls.model = {\n';
-  const modelRLSCode = modelNames.map(modelName => {
-    return generateModelRLS(modelName, policies[modelName], converter);
+  // Generate ACL for each model
+  aclCode += 'acl.model = {\n';
+  const modelACLCode = modelNames.map(modelName => {
+    return generateModelACL(modelName, policies[modelName], converter);
   });
-  rlsCode += modelRLSCode.join(',\n');
-  rlsCode += '\n};\n\n';
-  rlsCode += 'module.exports = rls;\n';
+  aclCode += modelACLCode.join(',\n');
+  aclCode += '\n};\n\n';
+  aclCode += 'module.exports = acl;\n';
   // Ensure output directory exists
   const outputDir = path.dirname(outputPath);
@@ -391,10 +386,10 @@ ${Object.entries(functionAnalysis.userContextRequirements)
     fs.mkdirSync(outputDir, { recursive: true });
   }
-  fs.writeFileSync(outputPath, rlsCode);
-  console.log('✓ Generated rls.js with dynamic function mappings');
+  fs.writeFileSync(outputPath, aclCode);
+  console.log('✓ Generated acl.js with dynamic function mappings');
 }
 module.exports = {
-  generateRLS
+  generateACL
 };

package/src/generators/routeGenerator.js CHANGED Viewed

@@ -26,12 +26,8 @@ router.all('*', async (req, res, next) => {
 router.get('/', async function(req, res) {
     try {
         const { q = {}, include = "", limit = 25, offset = 0, sortBy = "id", sortOrder = "asc" } = req.query;
-        const _data = req.${className}.getMany(q, include, limit, offset, sortBy, sortOrder);
-        const _count = req.${className}.count(q);
-        const [data, count] = await Promise.all([_data, _count]);
-        return res.sendList(data, {'take': req.${className}.take(Number(limit)), 'skip': req.${className}.skip(Number(offset)), 'total': count});
+        const results = await req.${className}.getMany(q, include, limit, offset, sortBy, sortOrder);
+        return res.sendList(results.data, {'take': req.${className}.take(Number(limit)), 'skip': req.${className}.skip(Number(offset)), 'total': results.total});
     }
     catch(error){
         const response = QueryBuilder.errorHandler(error);

package/src/generators/rlsGenerator.js DELETED Viewed

@@ -1,341 +0,0 @@
-const fs = require('fs');
-const path = require('path');
-const { Client } = require('pg');
-const { createConverter } = require('../parsers/autoRLSConverter');
-const { analyzeFunctions, generateMappingConfig } = require('../parsers/functionAnalyzer');
-/**
- * Auto-detect user table name (case-insensitive search for user/users)
- * @param {Object} models - Models object from parser
- * @param {string} userTableOption - User-specified table name (optional)
- * @returns {string} - Name of the user table
- */
-function detectUserTable(models, userTableOption) {
-  if (userTableOption) {
-    return userTableOption;
-  }
-  const modelNames = Object.keys(models);
-  const userTables = modelNames.filter(name =>
-    name.toLowerCase() === 'user' || name.toLowerCase() === 'users'
-  );
-  if (userTables.length === 0) {
-    throw new Error('No user table found (user/users). Please specify --user-table option.');
-  }
-  if (userTables.length > 1) {
-    throw new Error(`Multiple user tables found: ${userTables.join(', ')}. Please specify --user-table option.`);
-  }
-  return userTables[0];
-}
-/**
- * Extract RLS policies from PostgreSQL
- * @param {string} databaseUrl - PostgreSQL connection URL
- * @param {Object} models - Models object with dbName mapping
- * @returns {Object} - RLS policies for each model
- */
-async function extractPostgreSQLPolicies(databaseUrl, models) {
-  const client = new Client({ connectionString: databaseUrl });
-  try {
-    await client.connect();
-    const policies = {};
-    // Create mapping from database table name to model name
-    const tableToModelMap = {};
-    for (const [modelName, modelData] of Object.entries(models)) {
-      const dbName = modelData.dbName || modelName.toLowerCase();
-      tableToModelMap[dbName] = modelName;
-      policies[modelName] = [];
-    }
-    // Query all RLS policies from pg_policies
-    const result = await client.query(`
-      SELECT
-        tablename,
-        policyname,
-        permissive,
-        roles,
-        cmd,
-        qual,
-        with_check
-      FROM pg_policies
-      WHERE schemaname = 'public'
-      ORDER BY tablename, policyname
-    `);
-    // Group policies by model (using table to model mapping)
-    for (const row of result.rows) {
-      const tableName = row.tablename;
-      const modelName = tableToModelMap[tableName];
-      if (modelName && policies[modelName] !== undefined) {
-        policies[modelName].push({
-          name: row.policyname,
-          permissive: row.permissive === 'PERMISSIVE',
-          roles: row.roles,
-          command: row.cmd, // SELECT, INSERT, UPDATE, DELETE, ALL
-          using: row.qual, // USING expression
-          withCheck: row.with_check // WITH CHECK expression
-        });
-      }
-    }
-    await client.end();
-    return policies;
-  } catch (error) {
-    try {
-      await client.end();
-    } catch (e) {
-      // Ignore cleanup errors
-    }
-    throw error;
-  }
-}
-/**
- * Generate RLS functions for a single model from PostgreSQL policies
- * @param {string} modelName - Name of the model
- * @param {Array} policies - Array of policy objects for this model
- * @param {string} userTable - Name of the user table
- * @returns {string} - JavaScript code for RLS functions
- */
-function generateModelRLS(modelName, policies, userTable) {
-  const hasPolicies = policies && policies.length > 0;
-  if (!hasPolicies) {
-    // No RLS policies - generate permissive access
-    return `    ${modelName}: {
-        canCreate: (user) => true,
-        hasAccess: (data, user) => true,
-        getAccessFilter: (user) => ({}),
-        getUpdateFilter: (user) => ({}),
-        getDeleteFilter: (user) => ({}),
-        getOmitFields: (user) => []
-    }`;
-  }
-  // Find policies by command type
-  const selectPolicies = policies.filter(p => p.command === 'SELECT' || p.command === 'ALL');
-  const insertPolicies = policies.filter(p => p.command === 'INSERT' || p.command === 'ALL');
-  const updatePolicies = policies.filter(p => p.command === 'UPDATE' || p.command === 'ALL');
-  const deletePolicies = policies.filter(p => p.command === 'DELETE' || p.command === 'ALL');
-  // Generate canCreate (INSERT policies with WITH CHECK)
-  const canCreateCode = generateCanCreate(insertPolicies);
-  // Generate hasAccess (SELECT policies with USING)
-  const hasAccessCode = generateHasAccess(selectPolicies);
-  // Generate getAccessFilter (SELECT policies)
-  const accessFilterCode = generateFilter(selectPolicies, 'using');
-  // Generate getUpdateFilter (UPDATE policies)
-  const updateFilterCode = generateFilter(updatePolicies, 'using');
-  // Generate getDeleteFilter (DELETE policies)
-  const deleteFilterCode = generateFilter(deletePolicies, 'using');
-  return `    ${modelName}: {
-        canCreate: (user) => {
-            ${canCreateCode}
-        },
-        hasAccess: (data, user) => {
-            ${hasAccessCode}
-        },
-        getAccessFilter: (user) => {
-            ${accessFilterCode}
-        },
-        getUpdateFilter: (user) => {
-            ${updateFilterCode}
-        },
-        getDeleteFilter: (user) => {
-            ${deleteFilterCode}
-        },
-        getOmitFields: (user) => []
-    }`;
-}
-/**
- * Generate canCreate function from INSERT policies
- */
-function generateCanCreate(insertPolicies, converter) {
-  if (insertPolicies.length === 0) {
-    return 'return true;';
-  }
-  const conditions = [];
-  for (const policy of insertPolicies) {
-    const expr = policy.withCheck || policy.using;
-    if (expr) {
-      try {
-        const jsExpr = converter.convertToJavaScript(expr, 'data', 'user');
-        conditions.push(jsExpr);
-      } catch (e) {
-        conditions.push(`true /* Error parsing: ${expr.substring(0, 50)}... */`);
-      }
-    }
-  }
-  if (conditions.length === 0) {
-    return 'return true;';
-  }
-  // Policies are OR'd together (any policy allows)
-  return `return ${conditions.join(' || ')};`;
-}
-/**
- * Generate hasAccess function from SELECT policies
- */
-function generateHasAccess(selectPolicies) {
-  if (selectPolicies.length === 0) {
-    return 'return true;';
-  }
-  const conditions = [];
-  for (const policy of selectPolicies) {
-    if (policy.using) {
-      try {
-        const jsExpr = convertToJavaScript(policy.using, 'data', 'user');
-        conditions.push(jsExpr);
-      } catch (e) {
-        conditions.push(`true /* Error parsing: ${policy.using.substring(0, 50)}... */`);
-      }
-    }
-  }
-  if (conditions.length === 0) {
-    return 'return true;';
-  }
-  // Policies are OR'd together (any policy allows)
-  return `return ${conditions.join(' || ')};`;
-}
-/**
- * Generate Prisma filter function
- */
-function generateFilter(policies, expressionField) {
-  if (policies.length === 0) {
-    return 'return {};';
-  }
-  const filters = [];
-  for (const policy of policies) {
-    const expr = policy[expressionField];
-    if (expr) {
-      try {
-        const prismaFilter = convertToPrismaFilter(expr, 'user');
-        if (prismaFilter !== '{}') {
-          filters.push(prismaFilter);
-        }
-      } catch (e) {
-        // On error, return empty filter (permissive)
-      }
-    }
-  }
-  if (filters.length === 0) {
-    return 'return {};';
-  }
-  if (filters.length === 1) {
-    return `return ${filters[0]};`;
-  }
-  // Multiple policies are OR'd together
-  return `return { OR: [${filters.join(', ')}] };`;
-}
-/**
- * Generate complete rls.js file
- * @param {Object} models - Models object
- * @param {string} outputPath - Path to output rls.js
- * @param {string} databaseUrl - Database connection URL
- * @param {boolean} isPostgreSQL - Whether database is PostgreSQL
- * @param {string} userTableOption - User-specified table name
- */
-async function generateRLS(models, outputPath, databaseUrl, isPostgreSQL, userTableOption, debug = false) {
-  const userTable = detectUserTable(models, userTableOption);
-  const modelNames = Object.keys(models);
-  let policies = {};
-  const timestamp = new Date().toISOString();
-  let rlsCode = `const rls = {\n    model: {},\n    lastUpdateDate: '${timestamp}'\n};\n\n`;
-  // Analyze PostgreSQL functions if available
-  let functionAnalysis = null;
-  if (isPostgreSQL && databaseUrl) {
-    console.log('PostgreSQL detected - analyzing database functions...');
-    try {
-      functionAnalysis = await analyzeFunctions(databaseUrl);
-      console.log(`✓ Analyzed ${Object.keys(functionAnalysis.functionMappings).length} PostgreSQL functions`);
-      // Save function analysis for debugging/manual adjustment (only if --debug flag is set)
-      if (debug) {
-        const configPath = path.join(path.dirname(outputPath), 'rls-mappings.json');
-        const mappingConfig = generateMappingConfig(functionAnalysis);
-        fs.writeFileSync(configPath, JSON.stringify(mappingConfig, null, 2));
-        console.log(`✓ Function mappings saved to ${configPath}`);
-      }
-    } catch (error) {
-      console.warn(`⚠ Could not analyze functions: ${error.message}`);
-    }
-    console.log('Extracting RLS policies from database...');
-    try {
-      policies = await extractPostgreSQLPolicies(databaseUrl, models);
-      const totalPolicies = Object.values(policies).reduce((sum, p) => sum + p.length, 0);
-      console.log(`✓ Extracted ${totalPolicies} RLS policies from PostgreSQL`);
-    } catch (error) {
-      console.warn(`⚠ Failed to extract PostgreSQL RLS: ${error.message}`);
-      console.log('Generating permissive RLS for all models...');
-      // Initialize empty policies for all models
-      for (const modelName of modelNames) {
-        policies[modelName] = [];
-      }
-    }
-  } else {
-    if (!isPostgreSQL) {
-      console.log('Non-PostgreSQL database detected (MySQL/SQLite/etc) - RLS not supported');
-    }
-    console.log('Generating permissive RLS for all models...');
-    // Initialize empty policies for all models
-    for (const modelName of modelNames) {
-      policies[modelName] = [];
-    }
-  }
-  // Generate RLS for each model
-  rlsCode += 'rls.model = {\n';
-  const modelRLSCode = modelNames.map(modelName => {
-    return generateModelRLS(modelName, policies[modelName], userTable);
-  });
-  rlsCode += modelRLSCode.join(',\n');
-  rlsCode += '\n};\n\n';
-  rlsCode += 'module.exports = rls;\n';
-  // Ensure output directory exists
-  const outputDir = path.dirname(outputPath);
-  if (!fs.existsSync(outputDir)) {
-    fs.mkdirSync(outputDir, { recursive: true });
-  }
-  fs.writeFileSync(outputPath, rlsCode);
-  console.log('Generated rls.js');
-}
-module.exports = {
-  generateRLS
-};