@rapidd/build 1.1.0 → 1.1.1

package/README.md

@@ -5,7 +5,7 @@ Dynamic code generator that transforms Prisma schemas into complete Express.js C
 ## Features
 
 - 🚀 **Automatic CRUD API Generation** - Creates Express.js routes from Prisma models
-- 🔒 **RLS Translation** - Converts PostgreSQL Row-Level Security policies to JavaScript/Prisma filters (ACL)
+- 🔒 **RLS Translation** - Converts PostgreSQL Row-Level Security policies to JavaScript/Prisma filters (ACL: Access Control Layer)
 - 🎯 **Dynamic & Schema-Aware** - Zero hardcoding, adapts to any database structure
 - 🔗 **Relationship Handling** - Supports 1:1, 1:n, n:m including junction tables
 - 👥 **Role-Based Access Control** - Properly handles role checks in filters
@@ -50,7 +50,7 @@ npx rapidd build --user-table accounts
 - `-s, --schema <path>` - Prisma schema file (default: `./prisma/schema.prisma`)
 - `-m, --model <name>` - Generate/update only specific model (e.g., "account", "user")
 - `--only <component>` - Generate only specific component: "model", "route", "acl", or "relationship"
-- `--user-table <name>` - User table name for RLS (default: auto-detected)
+- `--user-table <name>` - User table name for ACL (default: auto-detected)
 
 ## Selective Generation
 
@@ -122,9 +122,6 @@ CREATE POLICY user_policy ON posts
 
 **Generated JavaScript:**
 ```javascript
-hasAccess: (data, user) => {
-  return data?.author_id === user?.id || ['admin', 'moderator'].includes(user?.role);
-},
 getAccessFilter: (user) => {
   if (['admin', 'moderator'].includes(user?.role)) return {};
   return { author_id: user?.id };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rapidd/build",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "Dynamic code generator that transforms Prisma schemas into Express.js CRUD APIs with PostgreSQL RLS-to-JavaScript translation",
   "main": "index.js",
   "bin": {

package/src/commands/build.js

@@ -74,7 +74,7 @@ class Model {
                 'where': this.filter(q)
             })
         ]);
-        return {data, total};
+        return {data, meta: {take, skip, total}};
     }
     /**
      * @param {number} id

package/src/generators/aclGenerator.js

@@ -1,7 +1,6 @@
 const fs = require('fs');
 const path = require('path');
 const { Client } = require('pg');
-const { createConverter } = require('../parsers/autoRLSConverter');
 const { createEnhancedConverter } = require('../parsers/enhancedRLSConverter');
 const { analyzeFunctions, generateMappingConfig } = require('../parsers/functionAnalyzer');
 

package/src/generators/relationshipsGenerator.js

@@ -48,9 +48,15 @@ function generateRelationships(models, outputPath) {
         // Find the foreign key field name
         const foreignKeyField = findForeignKeyField(relation, modelInfo, relatedModel);
 
+        if (!foreignKeyField) {
+          // Skip this relationship if we can't find the FK field
+          // This usually means the FK is on the other side of the relation
+          continue;
+        }
+
         relationships[modelName][relation.name] = {
           'object': relation.type,
-          'field': foreignKeyField || `${relation.type}_id` // Use actual FK or fallback to convention
+          'field': foreignKeyField
         };
       }
     }
@@ -74,39 +80,32 @@ function generateRelationships(models, outputPath) {
  * @returns {string|null} - Foreign key field name
  */
 function findForeignKeyField(relation, currentModel, relatedModel) {
-  // If relation has relationFromFields, use it
-  if (relation.relationFromFields && relation.relationFromFields.length > 0) {
-    return relation.relationFromFields[0];
-  }
+  // IMPORTANT: The foreign key field is where the @relation(fields: [...]) is defined
 
-  // For array relations (one-to-many from parent), look for the FK in the related model
+  // For array relations (one-to-many), the FK is in the related model (child)
   if (relation.isArray) {
-    // Find which field in the related model points back to current model
-    for (const [fieldName, fieldInfo] of Object.entries(relatedModel.fields)) {
-      if (fieldInfo.relationName === relation.relationName &&
-          fieldInfo.relationFromFields &&
-          fieldInfo.relationFromFields.length > 0) {
-        // This is the FK field in the related model
-        return fieldInfo.relationFromFields[0];
+    // Find the corresponding relation in the related model that points back
+    for (const relField of Object.values(relatedModel.fields)) {
+      if (relField.kind === 'object' &&
+          relField.relationName === relation.relationName &&
+          relField.relationFromFields &&
+          relField.relationFromFields.length > 0) {
+        // This is the FK field in the child (related) model
+        return relField.relationFromFields[0];
       }
     }
-
-    // Fallback: convention-based
-    return `${relation.type}_id`;
+    // Fallback
+    return null;
   }
 
-  // For singular relations (many-to-one), find the FK in current model
-  for (const [fieldName, fieldInfo] of Object.entries(currentModel.fields)) {
-    if (fieldInfo.relationName === relation.relationName &&
-        fieldInfo.relationToFields &&
-        fieldInfo.relationToFields.length > 0) {
-      // Found the matching relation field, return its FK
-      return fieldName;
-    }
+  // For singular relations (many-to-one or one-to-one), check if THIS relation has fields defined
+  if (relation.relationFromFields && relation.relationFromFields.length > 0) {
+    // The FK is in the current model
+    return relation.relationFromFields[0];
   }
 
-  // Final fallback
-  return `${relation.type}_id`;
+  // If no fields on this side, the FK must be on the other side (shouldn't use this relation for filtering)
+  return null;
 }
 
 /**

package/src/generators/routeGenerator.js

@@ -27,7 +27,7 @@ router.get('/', async function(req, res) {
     try {
         const { q = {}, include = "", limit = 25, offset = 0, sortBy = "id", sortOrder = "asc" } = req.query;
         const results = await req.${className}.getMany(q, include, limit, offset, sortBy, sortOrder);
-        return res.sendList(results.data, {'take': req.${className}.take(Number(limit)), 'skip': req.${className}.skip(Number(offset)), 'total': results.total});
+        return res.sendList(results.data, results.meta);
     }
     catch(error){
         const response = QueryBuilder.errorHandler(error);

package/src/parsers/prismaParser.js

@@ -248,8 +248,18 @@ async function parsePrismaDMMF(prismaClientPath) {
             name: field.name,
             type: field.type,
             isArray: field.isList,
-            optional: !field.isRequired
+            optional: !field.isRequired,
+            relationName: field.relationName,
+            relationFromFields: field.relationFromFields || [],
+            relationToFields: field.relationToFields || [],
+            kind: field.kind
           });
+
+          // Also add these to the field object for consistency
+          models[model.name].fields[field.name].relationName = field.relationName;
+          models[model.name].fields[field.name].relationFromFields = field.relationFromFields || [];
+          models[model.name].fields[field.name].relationToFields = field.relationToFields || [];
+          models[model.name].fields[field.name].kind = field.kind;
         }
       }
     }

package/src/parsers/advancedRLSConverter.js

@@ -1,305 +0,0 @@
-/**
- * Advanced PostgreSQL RLS to JavaScript/Prisma Converter
- * Handles real production PostgreSQL RLS patterns with custom functions
- */
-
-/**
- * Main converter function - PostgreSQL RLS to JavaScript
- */
-function convertToJavaScript(sql, dataVar = 'data', userVar = 'user') {
-  if (!sql || sql.trim() === '') {
-    return 'true';
-  }
-
-  sql = sql.trim();
-
-  // Remove extra whitespace and newlines for consistent parsing
-  sql = sql.replace(/\s+/g, ' ').replace(/\n/g, ' ');
-
-  // Handle CASE WHEN expressions
-  if (sql.toUpperCase().startsWith('CASE')) {
-    return convertCaseWhen(sql, dataVar, userVar);
-  }
-
-  // Handle combined conditions with OR
-  const orMatch = sql.match(/\((.*?)\)\s+OR\s+\((.*?)\)/i);
-  if (orMatch) {
-    const left = convertToJavaScript(orMatch[1], dataVar, userVar);
-    const right = convertToJavaScript(orMatch[2], dataVar, userVar);
-    return `(${left} || ${right})`;
-  }
-
-  // Handle role checks: get_current_user_role() = ANY (ARRAY[...])
-  if (sql.includes('get_current_user_role')) {
-    return convertRoleCheck(sql, userVar);
-  }
-
-  // Handle field comparisons with custom functions
-  const customFuncPatterns = [
-    { pattern: /teacher_id\s*=\s*get_current_teacher_id\(\)/i, replacement: `${dataVar}?.teacher_id === ${userVar}?.teacher_id` },
-    { pattern: /student_id\s*=\s*get_current_student_id\(\)/i, replacement: `${dataVar}?.student_id === ${userVar}?.student_id` },
-    { pattern: /user_id\s*=\s*\(\s*current_setting\s*\(\s*'app\.current_user_id'[^)]*\)[^)]*\)/i, replacement: `${dataVar}?.user_id === ${userVar}?.id` },
-    { pattern: /id\s*=\s*\(\s*current_setting\s*\(\s*'app\.current_user_id'[^)]*\)[^)]*\)/i, replacement: `${dataVar}?.id === ${userVar}?.id` },
-    { pattern: /(\w+)\s*=\s*get_current_teacher_id\(\)/i, replacement: (m) => `${dataVar}?.${m[1]} === ${userVar}?.teacher_id` },
-    { pattern: /(\w+)\s*=\s*get_current_student_id\(\)/i, replacement: (m) => `${dataVar}?.${m[1]} === ${userVar}?.student_id` }
-  ];
-
-  for (const { pattern, replacement } of customFuncPatterns) {
-    if (pattern.test(sql)) {
-      if (typeof replacement === 'function') {
-        const match = sql.match(pattern);
-        return replacement(match);
-      }
-      return replacement;
-    }
-  }
-
-  // Handle EXISTS subqueries
-  if (sql.includes('EXISTS')) {
-    return convertExistsSubquery(sql, dataVar, userVar);
-  }
-
-  // Fallback for unhandled patterns
-  return `true /* Complex RLS expression: ${sql.substring(0, 80)}... */`;
-}
-
-/**
- * Convert role check expressions
- */
-function convertRoleCheck(sql, userVar) {
-  // Extract roles from ARRAY[...] pattern
-  const arrayMatch = sql.match(/ARRAY\s*\[([^\]]+)\]/i);
-  if (arrayMatch) {
-    const roles = arrayMatch[1]
-      .split(',')
-      .map(r => r.trim())
-      .map(r => r.replace(/::[^,\]]+/g, '')) // Remove type casts (including "character varying")
-      .map(r => r.replace(/^'|'$/g, '')) // Remove quotes
-      .map(r => `'${r}'`)
-      .join(', ');
-    return `[${roles}].includes(${userVar}?.role)`;
-  }
-
-  // Simple role equality
-  const simpleMatch = sql.match(/get_current_user_role\(\)[^=]*=\s*'([^']+)'/i);
-  if (simpleMatch) {
-    return `${userVar}?.role === '${simpleMatch[1]}'`;
-  }
-
-  return `true /* Unparseable role check */`;
-}
-
-/**
- * Convert CASE WHEN expressions
- */
-function convertCaseWhen(sql, dataVar, userVar) {
-  // Extract the CASE expression and branches
-  const caseMatch = sql.match(/CASE\s+(\S+(?:\([^)]*\))?)\s+((?:WHEN[\s\S]+?)+)\s*(?:ELSE\s+([\s\S]+?))?\s*END/i);
-
-  if (!caseMatch) {
-    return `false /* Unparseable CASE expression */`;
-  }
-
-  const caseExpr = caseMatch[1];
-  const whenClauses = caseMatch[2];
-  const elseClause = caseMatch[3];
-
-  // Determine what's being tested
-  let testExpr = '';
-  if (caseExpr.includes('get_current_user_role')) {
-    testExpr = `${userVar}?.role`;
-  } else if (caseExpr.includes('get_current_teacher_id')) {
-    testExpr = `${userVar}?.teacher_id`;
-  } else if (caseExpr.includes('get_current_student_id')) {
-    testExpr = `${userVar}?.student_id`;
-  } else {
-    return `false /* Unsupported CASE expression: ${caseExpr} */`;
-  }
-
-  // Parse WHEN branches
-  const whenPattern = /WHEN\s+'?([^':\s]+)'?(?:::\w+)?\s+THEN\s+((?:(?!WHEN\s+|ELSE\s+|END).)+)/gi;
-  const conditions = [];
-
-  let match;
-  while ((match = whenPattern.exec(whenClauses)) !== null) {
-    const value = match[1];
-    const thenExpr = match[2].trim();
-
-    if (thenExpr.toLowerCase() === 'true') {
-      conditions.push(`${testExpr} === '${value}'`);
-    } else if (thenExpr.toLowerCase() === 'false') {
-      // Skip false conditions
-    } else {
-      // Complex THEN expression
-      const convertedThen = convertThenExpression(thenExpr, dataVar, userVar);
-      if (convertedThen !== 'false') {
-        conditions.push(`(${testExpr} === '${value}' && ${convertedThen})`);
-      }
-    }
-  }
-
-  // Handle ELSE clause
-  if (elseClause && elseClause.trim().toLowerCase() === 'true') {
-    conditions.push('true');
-  }
-
-  return conditions.length > 0 ? conditions.join(' || ') : 'false';
-}
-
-/**
- * Convert THEN expressions in CASE WHEN
- */
-function convertThenExpression(expr, dataVar, userVar) {
-  expr = expr.trim();
-
-  // Remove parentheses
-  if (expr.startsWith('(') && expr.endsWith(')')) {
-    expr = expr.substring(1, expr.length - 1).trim();
-  }
-
-  // Handle EXISTS
-  if (expr.includes('EXISTS')) {
-    return convertExistsSubquery(expr, dataVar, userVar);
-  }
-
-  // Handle field = function() patterns
-  const patterns = [
-    { regex: /teacher_id\s*=\s*get_current_teacher_id\(\)/i, js: `${dataVar}?.teacher_id === ${userVar}?.teacher_id` },
-    { regex: /student_id\s*=\s*get_current_student_id\(\)/i, js: `${dataVar}?.student_id === ${userVar}?.student_id` },
-    { regex: /id\s*=\s*\(\s*current_setting\s*\(\s*'app\.current_user_id'[^)]*\)[^)]*\)/i, js: `${dataVar}?.id === ${userVar}?.id` },
-    { regex: /(\w+)\s*=\s*get_current_(\w+)_id\(\)/i, handler: (m) => `${dataVar}?.${m[1]} === ${userVar}?.${m[2]}_id` }
-  ];
-
-  for (const pattern of patterns) {
-    if (pattern.regex.test(expr)) {
-      if (pattern.handler) {
-        const match = expr.match(pattern.regex);
-        return pattern.handler(match);
-      }
-      return pattern.js;
-    }
-  }
-
-  return 'true';
-}
-
-/**
- * Convert EXISTS subqueries to JavaScript
- * These typically check relationships between tables
- */
-function convertExistsSubquery(sql, dataVar, userVar) {
-  // Common patterns in EXISTS subqueries
-
-  // Pattern 1: Check if student_tariff belongs to current student
-  if (sql.includes('student_tariff') && sql.includes('get_current_student_id')) {
-    return `true /* TODO: Check if ${dataVar}?.student_tariff.student_id === ${userVar}?.student_id */`;
-  }
-
-  // Pattern 2: Check if teacher has access
-  if (sql.includes('get_current_teacher_id')) {
-    return `true /* TODO: Check if ${dataVar} is accessible to teacher ${userVar}?.teacher_id */`;
-  }
-
-  // Pattern 3: Check user address relationships
-  if (sql.includes('contact_address_id') || sql.includes('billing_address_id')) {
-    return `true /* TODO: Check if address belongs to user via contact_address_id or billing_address_id */`;
-  }
-
-  // Pattern 4: Generic student access check
-  if (sql.includes('student') && sql.includes('get_current_student_id')) {
-    return `true /* TODO: Check student relationship */`;
-  }
-
-  // Default EXISTS handling
-  return `true /* EXISTS subquery requires manual implementation */`;
-}
-
-/**
- * Convert to Prisma filter
- */
-function convertToPrismaFilter(sql, userVar = 'user') {
-  if (!sql || sql.trim() === '') {
-    return '{}';
-  }
-
-  sql = sql.trim().replace(/\s+/g, ' ').replace(/\n/g, ' ');
-
-  // Role-based filters can't be directly applied in Prisma WHERE clause
-  if (sql.includes('get_current_user_role')) {
-    return '{}'; // Role checks are done in hasAccess, not in filter
-  }
-
-  // Handle CASE WHEN - extract filterable conditions
-  if (sql.toUpperCase().startsWith('CASE')) {
-    return convertCaseWhenToPrisma(sql, userVar);
-  }
-
-  // Handle simple field comparisons
-  const patterns = [
-    { regex: /teacher_id\s*=\s*get_current_teacher_id\(\)/i, filter: `{ teacher_id: ${userVar}?.teacher_id }` },
-    { regex: /student_id\s*=\s*get_current_student_id\(\)/i, filter: `{ student_id: ${userVar}?.student_id }` },
-    { regex: /user_id\s*=\s*\(\s*current_setting\s*\(\s*'app\.current_user_id'/i, filter: `{ user_id: ${userVar}?.id }` },
-    { regex: /^id\s*=\s*\(\s*current_setting\s*\(\s*'app\.current_user_id'/i, filter: `{ id: ${userVar}?.id }` }
-  ];
-
-  for (const pattern of patterns) {
-    if (pattern.regex.test(sql)) {
-      return pattern.filter;
-    }
-  }
-
-  // Handle OR conditions
-  const orMatch = sql.match(/\((.*?)\)\s+OR\s+\((.*?)\)/i);
-  if (orMatch) {
-    const left = convertToPrismaFilter(orMatch[1], userVar);
-    const right = convertToPrismaFilter(orMatch[2], userVar);
-    if (left !== '{}' && right !== '{}') {
-      return `{ OR: [${left}, ${right}] }`;
-    } else if (left !== '{}') {
-      return left;
-    } else if (right !== '{}') {
-      return right;
-    }
-  }
-
-  return '{}';
-}
-
-/**
- * Convert CASE WHEN to Prisma filter
- */
-function convertCaseWhenToPrisma(sql, userVar) {
-  // Extract field-based conditions that can be filtered in Prisma
-  const filters = [];
-
-  // Look for teacher_id = get_current_teacher_id()
-  if (sql.includes('teacher_id') && sql.includes('get_current_teacher_id')) {
-    filters.push(`{ teacher_id: ${userVar}?.teacher_id }`);
-  }
-
-  // Look for student_id = get_current_student_id()
-  if (sql.includes('student_id') && sql.includes('get_current_student_id')) {
-    filters.push(`{ student_id: ${userVar}?.student_id }`);
-  }
-
-  // Look for id = current_setting('app.current_user_id')
-  if (sql.match(/id\s*=\s*\(\s*current_setting\s*\(\s*'app\.current_user_id'/i)) {
-    filters.push(`{ id: ${userVar}?.id }`);
-  }
-
-  if (filters.length === 0) {
-    return '{}';
-  }
-
-  if (filters.length === 1) {
-    return filters[0];
-  }
-
-  // Multiple conditions are OR'd in CASE WHEN
-  return `{ OR: [${filters.join(', ')}] }`;
-}
-
-module.exports = {
-  convertToJavaScript,
-  convertToPrismaFilter
-};