@rebasepro/server-core 0.0.1-canary.4d4fb3e

package/dist/server-core/src/api/ast-schema-editor.d.ts

@@ -0,0 +1,21 @@
+export declare class AstSchemaEditor {
+    private project;
+    private collectionsDir;
+    constructor(collectionsDir: string);
+    /**
+     * Sanitize collectionId to prevent path traversal attacks.
+     * Only allows alphanumeric characters, underscores, and hyphens.
+     */
+    private sanitizeCollectionId;
+    /**
+     * Resolve a file path and ensure it falls within the collectionsDir.
+     */
+    private safePath;
+    private getCollectionFile;
+    private getCollectionObject;
+    private convertJsonToAstString;
+    saveProperty(collectionId: string, propertyKey: string, propertyConfig: Record<string, unknown>): Promise<void>;
+    deleteProperty(collectionId: string, propertyKey: string): Promise<void>;
+    saveCollection(collectionId: string, collectionData: Record<string, unknown>): Promise<void>;
+    deleteCollection(collectionId: string): Promise<void>;
+}

package/dist/server-core/src/api/collections_for_test/callbacks_test_collection.d.ts

@@ -0,0 +1,2 @@
+import { PostgresCollection } from "@rebasepro/types";
+export declare const callbacksTestCollection: PostgresCollection;

package/dist/server-core/src/api/errors.d.ts

@@ -0,0 +1,35 @@
+import { ErrorHandler } from "hono";
+/**
+ * Standardized API error class.
+ * Throw this from any route handler — the errorHandler middleware
+ * will format it into `{ error: { message, code, details? } }`.
+ */
+export declare class ApiError extends Error {
+    readonly statusCode: number;
+    readonly code: string;
+    readonly details?: unknown;
+    constructor(statusCode: number, code: string, message: string, details?: unknown);
+    static badRequest(message: string, code?: string, details?: unknown): ApiError;
+    static unauthorized(message: string, code?: string): ApiError;
+    static forbidden(message: string, code?: string): ApiError;
+    static notFound(message: string, code?: string): ApiError;
+    static conflict(message: string, code?: string): ApiError;
+    static internal(message: string, code?: string): ApiError;
+    static serviceUnavailable(message: string, code?: string): ApiError;
+}
+/**
+ * Canonical error response shape:
+ * `{ error: { message: string, code: string, details?: unknown } }`
+ */
+export interface ErrorResponse {
+    error: {
+        message: string;
+        code: string;
+        details?: unknown;
+    };
+}
+/**
+ * Hono error-handling middleware (`app.onError`).
+ * Converts any error into the canonical `{ error: { message, code } }` shape.
+ */
+export declare const errorHandler: ErrorHandler;

package/dist/server-core/src/api/graphql/graphql-schema-generator.d.ts

@@ -0,0 +1,35 @@
+import { GraphQLSchema } from "graphql";
+import { DataDriver, EntityCollection } from "@rebasepro/types";
+/**
+ * Lightweight GraphQL schema generator that leverages existing DataDriver
+ * No duplication - uses your existing data layer and services
+ */
+export declare class GraphQLSchemaGenerator {
+    private collections;
+    private driver;
+    private typeRegistry;
+    private inputTypeRegistry;
+    constructor(collections: EntityCollection[], driver: DataDriver);
+    /**
+     * Generate complete GraphQL schema using existing DataDriver
+     */
+    generateSchema(): GraphQLSchema;
+    /**
+     * Create GraphQL type for an entity collection
+     */
+    private createEntityType;
+    private convertPropertyToField;
+    private createInputType;
+    private convertPropertyToInputType;
+    /**
+     * Create Query type using existing DataDriver methods
+     */
+    private createQueryType;
+    /**
+     * Create Mutation type using existing DataDriver methods
+     */
+    private createMutationType;
+    private getTypeName;
+    private getSingleQueryName;
+    private getListQueryName;
+}

package/dist/server-core/src/api/graphql/index.d.ts

@@ -0,0 +1 @@
+export * from "./graphql-schema-generator";

package/dist/server-core/src/api/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * API generation infrastructure for Rebase
+ * Automatically generates GraphQL and REST APIs from EntityCollection definitions
+ */
+export * from "./graphql";
+export * from "./rest";
+export * from "./types";
+export * from "./errors";
+export * from "./server";

package/dist/server-core/src/api/openapi-generator.d.ts

@@ -0,0 +1,2 @@
+import { EntityCollection } from "@rebasepro/types";
+export declare function generateOpenApiSpec(collections: EntityCollection[], basePath?: string): Record<string, unknown>;

package/dist/server-core/src/api/rest/api-generator.d.ts

@@ -0,0 +1,64 @@
+import { Hono } from "hono";
+import { DataDriver, EntityCollection } from "@rebasepro/types";
+import { HonoEnv } from "../types";
+/**
+ * Lightweight REST API generator that leverages existing Rebase DataDriver.
+ * Supports `include` query parameter for eager-loading relations via Drizzle.
+ */
+export declare class RestApiGenerator {
+    private collections;
+    private router;
+    private driver;
+    constructor(collections: EntityCollection[], driver: DataDriver);
+    /**
+     * Generate REST routes using existing DataDriver
+     */
+    generateRoutes(): Hono<HonoEnv>;
+    /**
+     * Get the EntityFetchService from a driver if it exposes one (for include support)
+     */
+    private getFetchService;
+    /**
+     * Create REST routes for a collection using existing Rebase patterns
+     */
+    private createCollectionRoutes;
+    /**
+     * Catch-all routes for subcollection paths.
+     *
+     * Matches URL patterns like:
+     *   GET    /authors/111094/posts          → list child collection
+     *   GET    /authors/111094/posts/43       → get child entity
+     *   POST   /authors/111094/posts          → create child entity
+     *   PUT    /authors/111094/posts/43       → update child entity
+     *   DELETE /authors/111094/posts/43       → delete child entity
+     *
+     * The `:rest{.+}` regex param captures the full remainder of the URL
+     * path (Hono v4 `*` wildcard does not populate `c.req.param("*")`).
+     * We split it into segments and reconstruct the `collectionPath`
+     * (e.g. "authors/111094/posts") and optional `entityId` (e.g. "43").
+     *
+     * The DataDriver.saveEntity / fetchCollection / etc. already know how to
+     * resolve multi-segment relation paths, so we just forward to them.
+     */
+    private createSubcollectionRoutes;
+    /**
+     * Format successful API response - flattened for traditional REST API
+     */
+    private formatResponse;
+    /**
+     * Flatten Rebase entity structure to traditional REST format
+     */
+    private flattenEntity;
+    /**
+     * Fetch raw collection data without Entity wrapper (fallback for non-Postgres)
+     */
+    private fetchRawCollection;
+    /**
+     * Count raw entities for a collection
+     */
+    private countRawEntities;
+    /**
+     * Fetch single entity raw data without Entity wrapper (fallback)
+     */
+    private fetchRawEntity;
+}

package/dist/server-core/src/api/rest/index.d.ts

@@ -0,0 +1 @@
+export * from "./api-generator";

package/dist/server-core/src/api/rest/query-parser.d.ts

@@ -0,0 +1,9 @@
+import { QueryOptions } from "../types";
+/**
+ * Map PostgREST-style operators to Rebase WhereFilterOp
+ */
+export declare function mapOperator(op: string): string | null;
+/**
+ * Parse query parameters into QueryOptions
+ */
+export declare function parseQueryOptions(query: Record<string, unknown>): QueryOptions;

package/dist/server-core/src/api/schema-editor-routes.d.ts

@@ -0,0 +1,3 @@
+import { Hono } from "hono";
+import { HonoEnv } from "./types";
+export declare function createSchemaEditorRoutes(collectionsDir: string): Hono<HonoEnv>;

package/dist/server-core/src/api/server.d.ts

@@ -0,0 +1,40 @@
+import { Hono } from "hono";
+import { DataDriver } from "@rebasepro/types";
+import { ApiConfig, HonoEnv } from "./types";
+/**
+ * Simplified API server that leverages existing Rebase infrastructure
+ * Can be used standalone or mounted on existing Hono app
+ */
+export declare class RebaseApiServer {
+    private app;
+    private router;
+    private config;
+    private driver;
+    private constructor();
+    /**
+     * Factory method to create an asynchronously initialized ApiServer instance
+     */
+    static create(config: ApiConfig & {
+        driver: DataDriver;
+    }): Promise<RebaseApiServer>;
+    /**
+     * Setup Hono middleware
+     */
+    private setupMiddleware;
+    /**
+     * Setup API routes using existing services
+     */
+    private setupRoutes;
+    /**
+     * Get the Hono router with all API routes
+     */
+    getRouter(): Hono<HonoEnv>;
+    /**
+     * Get the standalone Hono app
+     */
+    getApp(): Hono<HonoEnv>;
+    /**
+     * Start the server (standalone mode) via @hono/node-server
+     */
+    listen(port?: number, callback?: () => void): void;
+}

package/dist/server-core/src/api/types.d.ts

@@ -0,0 +1,90 @@
+import { EntityCollection } from "@rebasepro/types";
+import { AuthResult } from "../auth/middleware";
+import { NodePgDatabase } from "drizzle-orm/node-postgres";
+import { DataDriver } from "@rebasepro/types";
+/**
+ * Hono Environment Variables
+ * Passed to generic Hono<HonoEnv> to type `c.get()`
+ */
+export type HonoEnv = {
+    Variables: {
+        user?: AuthResult | {
+            userId?: string;
+            roles?: string[];
+        };
+        driver?: DataDriver;
+    };
+};
+/**
+ * Configuration for API generation
+ */
+/**
+ * Configuration for API generation
+ */
+export interface ApiConfig {
+    collections?: EntityCollection[];
+    collectionsDir?: string;
+    basePath?: string;
+    enableGraphQL?: boolean;
+    enableREST?: boolean;
+    cors?: {
+        origin?: string | string[] | boolean;
+        credentials?: boolean;
+    };
+    /** Whether auth is required for API endpoints (default: true) */
+    requireAuth?: boolean;
+    /** Optional custom validator for authentication */
+    authValidator?: (c: import("hono").Context<import("./types").HonoEnv>) => Promise<AuthResult>;
+    pagination?: {
+        defaultLimit: number;
+        maxLimit: number;
+    };
+}
+/**
+ * Context passed to resolvers and handlers
+ */
+export interface ApiContext {
+    user?: AuthResult;
+    collections: Map<string, EntityCollection>;
+    db: NodePgDatabase;
+}
+/**
+ * Standard API response format
+ */
+export interface ApiResponse<T = unknown> {
+    data?: T;
+    error?: {
+        message: string;
+        code?: string;
+        details?: unknown;
+    };
+    meta?: {
+        total?: number;
+        page?: number;
+        limit?: number;
+        hasMore?: boolean;
+    };
+}
+/**
+ * Query options for API endpoints
+ */
+export interface QueryOptions {
+    limit?: number;
+    offset?: number;
+    where?: Record<string, unknown>;
+    orderBy?: Array<{
+        field: string;
+        direction: 'asc' | 'desc';
+    }>;
+    include?: string[];
+    /** Columns to return in the response (field-level selection) */
+    fields?: string[];
+}
+/**
+ * Relation resolution configuration
+ */
+export interface RelationConfig {
+    relationName: string;
+    depth?: number;
+    include?: string[];
+}

package/dist/server-core/src/auth/admin-routes.d.ts

@@ -0,0 +1,7 @@
+import { Hono } from "hono";
+import { AuthModuleConfig } from "./routes";
+import { HonoEnv } from "../api/types";
+/**
+ * Create admin routes for user and role management
+ */
+export declare function createAdminRoutes(config: AuthModuleConfig): Hono<HonoEnv>;

package/dist/server-core/src/auth/google-oauth.d.ts

@@ -0,0 +1,20 @@
+export interface GoogleUserInfo {
+    googleId: string;
+    email: string;
+    displayName: string | null;
+    photoUrl: string | null;
+    emailVerified: boolean;
+}
+/**
+ * Configure Google OAuth - call this during initialization
+ */
+export declare function configureGoogleOAuth(clientId: string): void;
+/**
+ * Verify a Google ID token and extract user information
+ * @param idToken The ID token from Google Sign-In on the frontend
+ */
+export declare function verifyGoogleIdToken(idToken: string): Promise<GoogleUserInfo | null>;
+/**
+ * Check if Google OAuth is configured
+ */
+export declare function isGoogleOAuthConfigured(): boolean;

package/dist/server-core/src/auth/index.d.ts

@@ -0,0 +1,12 @@
+export { configureJwt, generateAccessToken, verifyAccessToken, generateRefreshToken, hashRefreshToken, getRefreshTokenExpiry, getAccessTokenExpiry } from "./jwt";
+export type { JwtConfig, AccessTokenPayload } from "./jwt";
+export { hashPassword, verifyPassword, validatePasswordStrength } from "./password";
+export type { PasswordValidationResult } from "./password";
+export { configureGoogleOAuth, verifyGoogleIdToken, isGoogleOAuthConfigured } from "./google-oauth";
+export type { GoogleUserInfo } from "./google-oauth";
+export { requireAuth, requireAdmin, optionalAuth, extractUserFromToken, createAuthMiddleware } from "./middleware";
+export type { AuthMiddlewareOptions, AuthResult } from "./middleware";
+export { createAuthRoutes } from "./routes";
+export type { AuthModuleConfig } from "./routes";
+export { createAdminRoutes } from "./admin-routes";
+export { createRateLimiter, defaultAuthLimiter, strictAuthLimiter } from "./rate-limiter";

package/dist/server-core/src/auth/interfaces.d.ts

@@ -0,0 +1,270 @@
+/**
+ * Authentication Abstraction Interfaces
+ *
+ * These interfaces define the contracts for authentication-related operations.
+ * Implementations can use different databases (PostgreSQL, MongoDB, etc.) to
+ * store user, role, and token data.
+ */
+/**
+ * User data structure
+ */
+export interface UserData {
+    id: string;
+    email: string;
+    passwordHash?: string | null;
+    displayName?: string | null;
+    photoUrl?: string | null;
+    provider: string;
+    googleId?: string | null;
+    emailVerified: boolean;
+    emailVerificationToken?: string | null;
+    emailVerificationSentAt?: Date | null;
+    createdAt: Date;
+    updatedAt: Date;
+}
+/**
+ * Data for creating a new user
+ */
+export interface CreateUserData {
+    email: string;
+    passwordHash?: string;
+    displayName?: string;
+    photoUrl?: string;
+    provider?: string;
+    googleId?: string;
+    emailVerified?: boolean;
+}
+/**
+ * Role data structure
+ */
+export interface RoleData {
+    id: string;
+    name: string;
+    isAdmin: boolean;
+    defaultPermissions: {
+        read?: boolean;
+        create?: boolean;
+        edit?: boolean;
+        delete?: boolean;
+    } | null;
+    collectionPermissions: Record<string, {
+        read?: boolean;
+        create?: boolean;
+        edit?: boolean;
+        delete?: boolean;
+    }> | null;
+    config: Record<string, unknown> | null;
+}
+/**
+ * Data for creating a new role
+ */
+export interface CreateRoleData {
+    id: string;
+    name: string;
+    isAdmin?: boolean;
+    defaultPermissions?: RoleData["defaultPermissions"];
+    collectionPermissions?: RoleData["collectionPermissions"];
+    config?: RoleData["config"];
+}
+/**
+ * Refresh token info
+ */
+export interface RefreshTokenInfo {
+    id: string;
+    userId: string;
+    tokenHash: string;
+    expiresAt: Date;
+    createdAt: Date;
+    userAgent?: string | null;
+    ipAddress?: string | null;
+}
+/**
+ * Password reset token info
+ */
+export interface PasswordResetTokenInfo {
+    userId: string;
+    expiresAt: Date;
+}
+/**
+ * Options for paginated user listing
+ */
+export interface ListUsersOptions {
+    /** Max results per page (default 25) */
+    limit?: number;
+    /** Number of results to skip (default 0) */
+    offset?: number;
+    /** Search term — matches against email and displayName (case-insensitive) */
+    search?: string;
+    /** Field to sort by (default "createdAt") */
+    orderBy?: string;
+    /** Sort direction (default "desc") */
+    orderDir?: "asc" | "desc";
+}
+/**
+ * Result of a paginated user listing
+ */
+export interface PaginatedUsersResult {
+    users: UserData[];
+    /** Total number of users matching the filters (ignoring limit/offset) */
+    total: number;
+    limit: number;
+    offset: number;
+}
+/**
+ * Abstract user repository interface.
+ * Handles all user-related database operations.
+ */
+export interface UserRepository {
+    /**
+     * Create a new user
+     */
+    createUser(data: CreateUserData): Promise<UserData>;
+    /**
+     * Get a user by ID
+     */
+    getUserById(id: string): Promise<UserData | null>;
+    /**
+     * Get a user by email
+     */
+    getUserByEmail(email: string): Promise<UserData | null>;
+    /**
+     * Get a user by Google ID
+     */
+    getUserByGoogleId(googleId: string): Promise<UserData | null>;
+    /**
+     * Update a user
+     */
+    updateUser(id: string, data: Partial<Omit<CreateUserData, "id">>): Promise<UserData | null>;
+    /**
+     * Delete a user
+     */
+    deleteUser(id: string): Promise<void>;
+    /**
+     * List all users (unbounded — use listUsersPaginated for large datasets)
+     */
+    listUsers(): Promise<UserData[]>;
+    /**
+     * List users with server-side pagination, search, and sorting.
+     */
+    listUsersPaginated(options?: ListUsersOptions): Promise<PaginatedUsersResult>;
+    /**
+     * Update user's password hash
+     */
+    updatePassword(id: string, passwordHash: string): Promise<void>;
+    /**
+     * Set email verification status
+     */
+    setEmailVerified(id: string, verified: boolean): Promise<void>;
+    /**
+     * Set email verification token
+     */
+    setVerificationToken(id: string, token: string | null): Promise<void>;
+    /**
+     * Find user by email verification token
+     */
+    getUserByVerificationToken(token: string): Promise<UserData | null>;
+    /**
+     * Get roles for a user
+     */
+    getUserRoles(userId: string): Promise<RoleData[]>;
+    /**
+     * Get role IDs for a user
+     */
+    getUserRoleIds(userId: string): Promise<string[]>;
+    /**
+     * Set roles for a user (replaces existing roles)
+     */
+    setUserRoles(userId: string, roleIds: string[]): Promise<void>;
+    /**
+     * Assign a specific role to a new user
+     */
+    assignDefaultRole(userId: string, roleId: string): Promise<void>;
+    /**
+     * Get user with their roles
+     */
+    getUserWithRoles(userId: string): Promise<{
+        user: UserData;
+        roles: RoleData[];
+    } | null>;
+}
+/**
+ * Abstract role repository interface.
+ * Handles all role-related database operations.
+ */
+export interface RoleRepository {
+    /**
+     * Get a role by ID
+     */
+    getRoleById(id: string): Promise<RoleData | null>;
+    /**
+     * List all roles
+     */
+    listRoles(): Promise<RoleData[]>;
+    /**
+     * Create a new role
+     */
+    createRole(data: CreateRoleData): Promise<RoleData>;
+    /**
+     * Update a role
+     */
+    updateRole(id: string, data: Partial<Omit<RoleData, "id">>): Promise<RoleData | null>;
+    /**
+     * Delete a role
+     */
+    deleteRole(id: string): Promise<void>;
+}
+/**
+ * Abstract token repository interface.
+ * Handles refresh tokens and password reset tokens.
+ */
+export interface TokenRepository {
+    /**
+     * Create a new refresh token
+     */
+    createRefreshToken(userId: string, tokenHash: string, expiresAt: Date, userAgent?: string, ipAddress?: string): Promise<void>;
+    /**
+     * Find a refresh token by hash
+     */
+    findRefreshTokenByHash(tokenHash: string): Promise<RefreshTokenInfo | null>;
+    /**
+     * Delete a refresh token by hash
+     */
+    deleteRefreshToken(tokenHash: string): Promise<void>;
+    /**
+     * Delete all refresh tokens for a user
+     */
+    deleteAllRefreshTokensForUser(userId: string): Promise<void>;
+    /**
+     * List all refresh tokens for a user
+     */
+    listRefreshTokensForUser(userId: string): Promise<RefreshTokenInfo[]>;
+    /**
+     * Delete a specific refresh token by its primary key ID
+     */
+    deleteRefreshTokenById(id: string, userId: string): Promise<void>;
+    /**
+     * Create a password reset token
+     */
+    createPasswordResetToken(userId: string, tokenHash: string, expiresAt: Date): Promise<void>;
+    /**
+     * Find a valid (not expired, not used) password reset token by hash
+     */
+    findValidPasswordResetToken(tokenHash: string): Promise<PasswordResetTokenInfo | null>;
+    /**
+     * Mark a password reset token as used
+     */
+    markPasswordResetTokenUsed(tokenHash: string): Promise<void>;
+    /**
+     * Delete all password reset tokens for a user
+     */
+    deleteAllPasswordResetTokensForUser(userId: string): Promise<void>;
+    /**
+     * Clean up expired tokens
+     */
+    deleteExpiredTokens(): Promise<void>;
+}
+/**
+ * Combined auth repository interface for convenience
+ */
+export interface AuthRepository extends UserRepository, RoleRepository, TokenRepository {
+}

package/dist/server-core/src/auth/jwt.d.ts

@@ -0,0 +1,42 @@
+export interface JwtConfig {
+    secret: string;
+    accessExpiresIn?: string;
+    refreshExpiresIn?: string;
+}
+export interface AccessTokenPayload {
+    userId: string;
+    roles: string[];
+}
+/**
+ * Configure JWT settings - call this during initialization.
+ * Validates the secret strength to prevent deployment with default/weak secrets.
+ */
+export declare function configureJwt(config: JwtConfig): void;
+/**
+ * Generate an access token (short-lived, 1 hour by default)
+ */
+export declare function generateAccessToken(userId: string, roles: string[]): string;
+/**
+ * Get the expiration time of an access token in milliseconds from now
+ */
+export declare function getAccessTokenExpiryMs(): number;
+/**
+ * Get the expiration timestamp for an access token
+ */
+export declare function getAccessTokenExpiry(): number;
+/**
+ * Verify and decode an access token
+ */
+export declare function verifyAccessToken(token: string): AccessTokenPayload | null;
+/**
+ * Generate a random refresh token (long-lived, 30 days by default)
+ */
+export declare function generateRefreshToken(): string;
+/**
+ * Hash a refresh token for database storage (don't store raw tokens)
+ */
+export declare function hashRefreshToken(token: string): string;
+/**
+ * Calculate refresh token expiration date
+ */
+export declare function getRefreshTokenExpiry(): Date;