@rebasepro/server-core 0.0.1-canary.4d4fb3e

package/package.json

@@ -0,0 +1,86 @@
+{
+    "name": "@rebasepro/server-core",
+    "type": "module",
+    "version": "0.0.1-canary.4d4fb3e",
+    "description": "Database-Agnostic Backend Core for Rebase",
+    "funding": {
+        "url": "https://github.com/sponsors/rebaseco"
+    },
+    "author": "Rebase",
+    "license": "MIT",
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/rebasepro/rebase.git",
+        "directory": "packages/backend"
+    },
+    "main": "./dist/index.umd.js",
+    "module": "./dist/index.es.js",
+    "types": "./dist/server-core/src/index.d.ts",
+    "source": "src/index.ts",
+    "engines": {
+        "node": ">=14"
+    },
+    "keywords": [
+        "firebase",
+        "cms",
+        "admin",
+        "admin panel",
+        "postgresql",
+        "drizzle",
+        "backend",
+        "database",
+        "rebase"
+    ],
+    "scripts": {
+        "watch": "vite build --watch",
+        "build": "vite build && tsc --emitDeclarationOnly -p tsconfig.prod.json",
+        "prepublishOnly": "pnpm run build",
+        "test:lint": "eslint \"src/**\" --quiet",
+        "test": "jest --passWithNoTests",
+        "clean": "rm -rf dist && find ./src -name '*.js' -type f | xargs rm -f"
+    },
+    "exports": {
+        ".": {
+            "types": "./dist/server-core/src/index.d.ts",
+            "development": "./src/index.ts",
+            "import": "./dist/index.es.js",
+            "require": "./dist/index.umd.js"
+        },
+        "./package.json": "./package.json"
+    },
+    "dependencies": {
+        "@aws-sdk/client-s3": "^3.654.0",
+        "@aws-sdk/s3-request-presigner": "^3.654.0",
+        "@hono/graphql-server": "0.7.0",
+        "@hono/node-server": "1.19.12",
+        "@rebasepro/common": "0.0.1-canary.4d4fb3e",
+        "@rebasepro/types": "0.0.1-canary.4d4fb3e",
+        "@rebasepro/utils": "0.0.1-canary.4d4fb3e",
+        "google-auth-library": "^9.0.0",
+        "graphql": "^16.8.1",
+        "hono": "4.12.10",
+        "jsonwebtoken": "^9.0.0",
+        "nodemailer": "^6.9.0",
+        "ws": "^8.16.0",
+        "zod": "^3.22.4"
+    },
+    "devDependencies": {
+        "@rebasepro/common": "workspace:*",
+        "@rebasepro/types": "workspace:*",
+        "@types/jest": "^29.5.14",
+        "@types/jsonwebtoken": "^9.0.0",
+        "@types/node": "^20.10.5",
+        "@types/nodemailer": "^6.4.0",
+        "@types/react": "^19.0.8",
+        "@types/react-dom": "^19.0.3",
+        "@types/ws": "^8.5.10",
+        "jest": "^29.7.0",
+        "ts-jest": "29.4.1",
+        "typescript": "^5.0.0",
+        "vite": "^5.0.0"
+    },
+    "gitHead": "71bcef3c51a458cd054f7924cc18efbbe515dcc8",
+    "publishConfig": {
+        "access": "public"
+    }
+}

package/scratch.ts

@@ -0,0 +1,8 @@
+import { Hono } from 'hono';
+const app = new Hono();
+const child = new Hono();
+child.get('/*', (c) => {
+  return c.json({ star: c.req.param('*'), path: c.req.path });
+})
+app.route('/api', child);
+app.request(new Request('http://localhost/api/users/1/posts')).then(r => r.json()).then(console.log);

package/src/api/ast-schema-editor.ts

@@ -0,0 +1,289 @@
+import { Project, SyntaxKind, ObjectLiteralExpression, ObjectLiteralElementLike, PropertyAssignment, VariableDeclaration, IndentationText } from "ts-morph";
+import * as path from "path";
+import * as fs from "fs";
+
+export class AstSchemaEditor {
+    private project: Project;
+    private collectionsDir: string;
+
+    constructor(collectionsDir: string) {
+        this.project = new Project({
+            manipulationSettings: {
+                indentationText: IndentationText.FourSpaces,
+            }
+        });
+        if (fs.existsSync(collectionsDir)) {
+            this.project.addSourceFilesAtPaths(`${collectionsDir}/**/*.ts`);
+        }
+        this.collectionsDir = path.resolve(collectionsDir);
+    }
+
+    /**
+     * Sanitize collectionId to prevent path traversal attacks.
+     * Only allows alphanumeric characters, underscores, and hyphens.
+     */
+    private sanitizeCollectionId(collectionId: string): string {
+        const sanitized = collectionId.replace(/[^a-zA-Z0-9_-]/g, "");
+        if (!sanitized || sanitized !== collectionId) {
+            throw new Error(`Invalid collection ID: "${collectionId}". Only alphanumeric characters, underscores, and hyphens are allowed.`);
+        }
+        return sanitized;
+    }
+
+    /**
+     * Resolve a file path and ensure it falls within the collectionsDir.
+     */
+    private safePath(filename: string): string {
+        const resolved = path.resolve(this.collectionsDir, filename);
+        if (!resolved.startsWith(this.collectionsDir + path.sep) && resolved !== this.collectionsDir) {
+            throw new Error("Path traversal detected: resolved path is outside the collections directory.");
+        }
+        return resolved;
+    }
+
+    private getCollectionFile(collectionId: string) {
+        const safeId = this.sanitizeCollectionId(collectionId);
+        const filePath = this.safePath(`${safeId}.ts`);
+        let file = this.project.getSourceFile(filePath);
+        if (!file && fs.existsSync(filePath)) {
+            this.project.addSourceFilesAtPaths(`${this.collectionsDir}/**/*.ts`);
+            file = this.project.getSourceFile(filePath);
+        }
+        return file;
+    }
+
+    private getCollectionObject(collectionId: string): ObjectLiteralExpression | null {
+        const file = this.getCollectionFile(collectionId);
+        if (!file) return null;
+
+        const defaultExport = file.getDefaultExportSymbol();
+        if (defaultExport) {
+            const declaration = defaultExport.getDeclarations()[0];
+            if (declaration && declaration.getKind() === SyntaxKind.ExportAssignment) {
+                const expr = declaration.asKind(SyntaxKind.ExportAssignment)?.getExpression();
+                if (expr && expr.getKind() === SyntaxKind.Identifier) {
+                    const varName = expr.getText();
+                    const varDecl = file.getVariableDeclaration(varName);
+                    return varDecl?.getInitializerIfKind(SyntaxKind.ObjectLiteralExpression) || null;
+                }
+            }
+        }
+        // Fallback: Just get the first exported VariableDeclaration with an ObjectLiteral
+        const varDecls = file.getVariableDeclarations();
+        for (const varDecl of varDecls) {
+            const init = varDecl.getInitializerIfKind(SyntaxKind.ObjectLiteralExpression);
+            if (init) return init;
+        }
+        return null;
+    }
+
+    private convertJsonToAstString(obj: unknown, indentLevel: number = 0, oldAstNode?: ObjectLiteralExpression): string {
+        // Base TS-morph parses arrays as 2 levels deep from the property key: 
+        // PropertiesObject = level 1, PropertyConfig = level 2.
+        // We calibrate the spacing multiples to keep the items flush with standard TS format.
+        const indentStr = "    ";
+        const indent = indentStr.repeat(indentLevel);
+        const innerIndent = indentStr.repeat(indentLevel + 1);
+
+        if (obj === null || obj === undefined) {
+            return "undefined";
+        }
+        if (typeof obj === "string") {
+            return `"${obj.replace(/"/g, '\\"')}"`;
+        }
+        if (typeof obj === "number" || typeof obj === "boolean") {
+            return String(obj);
+        }
+        if (Array.isArray(obj)) {
+            if (obj.length === 0) return "[]";
+            const items = obj.map(item => this.convertJsonToAstString(item, indentLevel + 1));
+            return `[\n${innerIndent}${items.join(`,\n${innerIndent}`)}\n${indent}]`;
+        }
+        if (typeof obj === "object") {
+            const record = obj as Record<string, unknown>;
+            const keys = Object.keys(record);
+
+            // Collect preserved AST properties
+            const preservedProps: string[] = [];
+            if (oldAstNode) {
+                const oldProps = oldAstNode.getProperties();
+                for (const oldProp of oldProps) {
+                    if (oldProp.isKind(SyntaxKind.PropertyAssignment)) {
+                        const nameNode = oldProp.getNameNode();
+                        let name = nameNode.getText();
+                        if (name.startsWith('"') && name.endsWith('"')) name = name.slice(1, -1);
+                        if (name.startsWith("'") && name.endsWith("'")) name = name.slice(1, -1);
+
+                        // If the JSON object doesn't have this key, check if we should preserve it
+                        if (!(name in record)) {
+                            const init = oldProp.getInitializer();
+                            if (init) {
+                                const kind = init.getKind();
+                                const isCode = kind === SyntaxKind.ArrowFunction ||
+                                    kind === SyntaxKind.FunctionExpression ||
+                                    kind === SyntaxKind.Identifier ||
+                                    kind === SyntaxKind.CallExpression ||
+                                    kind === SyntaxKind.JsxElement;
+
+                                if (isCode || name === "target" || name === "callbacks" || name === "permissions" || name === "securityRules") {
+                                    // Preserve this property exactly as it was
+                                    const keyStr = /^[A-Za-z_$][A-Za-z0-9_$]*$/.test(name) ? name : `"${name}"`;
+                                    preservedProps.push(`${keyStr}: ${init.getText()}`);
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+
+            if (keys.length === 0 && preservedProps.length === 0) return "{}";
+
+            const props = keys.map(key => {
+                const keyStr = /^[A-Za-z_$][A-Za-z0-9_$]*$/.test(key) ? key : `"${key}"`;
+
+                // If the value is an object, pass the old AST node to recurse
+                let childAstNode: ObjectLiteralExpression | undefined;
+                if (oldAstNode && typeof record[key] === "object" && record[key] !== null && !Array.isArray(record[key])) {
+                    const oldProp = oldAstNode.getProperty(
+                        (p: ObjectLiteralElementLike) => 'getName' in p && typeof (p as PropertyAssignment).getName === 'function' && ((p as PropertyAssignment).getName() === key || (p as PropertyAssignment).getName() === `"${key}"` || (p as PropertyAssignment).getName() === `'${key}'`)
+                    );
+                    if (oldProp && oldProp.isKind(SyntaxKind.PropertyAssignment)) {
+                        childAstNode = oldProp.getInitializerIfKind(SyntaxKind.ObjectLiteralExpression);
+                    }
+                }
+
+                return `${keyStr}: ${this.convertJsonToAstString(record[key], indentLevel + 1, childAstNode)}`;
+            });
+
+            const allProps = [...props, ...preservedProps];
+            return `{\n${innerIndent}${allProps.join(`,\n${innerIndent}`)}\n${indent}}`;
+        }
+        return "undefined";
+    }
+
+    public async saveProperty(collectionId: string, propertyKey: string, propertyConfig: Record<string, unknown>) {
+        const collectionObj = this.getCollectionObject(collectionId);
+        if (!collectionObj) throw new Error(`Collection ${collectionId} not found in ATS workspace.`);
+
+        let propertiesProp = collectionObj.getProperty("properties") as PropertyAssignment;
+        if (!propertiesProp) {
+            propertiesProp = collectionObj.addPropertyAssignment({
+                name: "properties",
+                initializer: "{}"
+            });
+        }
+
+        const propsObj = propertiesProp.getInitializerIfKind(SyntaxKind.ObjectLiteralExpression);
+        if (propsObj) {
+            let existingProp = propsObj.getProperty(
+                (p: ObjectLiteralElementLike) => 'getName' in p && typeof (p as PropertyAssignment).getName === 'function' && ((p as PropertyAssignment).getName() === propertyKey || (p as PropertyAssignment).getName() === `"${propertyKey}"`)
+            );
+
+            let oldPropAstNode: ObjectLiteralExpression | undefined;
+            if (existingProp && existingProp.isKind(SyntaxKind.PropertyAssignment)) {
+                oldPropAstNode = existingProp.getInitializerIfKind(SyntaxKind.ObjectLiteralExpression);
+            }
+
+            const newInitializer = this.convertJsonToAstString(propertyConfig, 2, oldPropAstNode);
+
+            if (existingProp) {
+                if (existingProp.isKind(SyntaxKind.PropertyAssignment)) {
+                    existingProp.setInitializer(newInitializer);
+                }
+            } else {
+                propsObj.addPropertyAssignment({
+                    name: /^[A-Za-z_$][A-Za-z0-9_$]*$/.test(propertyKey) ? propertyKey : `"${propertyKey}"`,
+                    initializer: newInitializer
+                });
+            }
+
+            const file = this.getCollectionFile(collectionId);
+            if (file) {
+                file.formatText();
+            }
+            await this.project.save();
+        }
+    }
+
+    public async deleteProperty(collectionId: string, propertyKey: string) {
+        const collectionObj = this.getCollectionObject(collectionId);
+        if (!collectionObj) return;
+
+        const propertiesProp = collectionObj.getProperty("properties") as PropertyAssignment;
+        if (propertiesProp) {
+            const propsObj = propertiesProp.getInitializerIfKind(SyntaxKind.ObjectLiteralExpression);
+            if (propsObj) {
+                const existingProp = propsObj.getProperty(
+                    (p: ObjectLiteralElementLike) => 'getName' in p && typeof (p as PropertyAssignment).getName === 'function' && ((p as PropertyAssignment).getName() === propertyKey || (p as PropertyAssignment).getName() === `"${propertyKey}"`)
+                );
+                if (existingProp) {
+                    existingProp.remove();
+                    const file = this.getCollectionFile(collectionId);
+                    if (file) {
+                        file.formatText();
+                    }
+                    await this.project.save();
+                }
+            }
+        }
+    }
+
+    public async saveCollection(collectionId: string, collectionData: Record<string, unknown>) {
+        let file = this.getCollectionFile(collectionId);
+        let collectionObj = this.getCollectionObject(collectionId);
+
+        if (!file || !collectionObj) {
+            // Create a new file
+            const safeId = this.sanitizeCollectionId(collectionId);
+            const newFilePath = this.safePath(`${safeId}.ts`);
+            file = this.project.createSourceFile(newFilePath, `import { EntityCollection } from "@rebasepro/types";\n\nconst ${safeId}Collection: EntityCollection = ${this.convertJsonToAstString(collectionData)};\n\nexport default ${safeId}Collection;\n`, { overwrite: true });
+        } else {
+            // Update root level properties gracefully
+            
+            // Force delete securityRules if empty or undefined to handle Formex / serialization stripping
+            if (!("securityRules" in collectionData) || collectionData.securityRules === undefined || (Array.isArray(collectionData.securityRules) && collectionData.securityRules.length === 0)) {
+                const srProp = collectionObj.getProperty("securityRules");
+                if (srProp) {
+                    srProp.remove();
+                }
+                
+                // If it was in collectionData as an empty array, delete it so the loop below doesn't add it back as "[]"
+                // Actually, if it's "[]", omitting it entirely from the TS file achieves the same logical effect (no RLS rules)
+                // and correctly triggers "unmapped policies" if the DB still has them.
+                delete collectionData["securityRules"];
+            }
+
+            for (const key of Object.keys(collectionData)) {
+                if (key === "relations") continue; // Kept via other AST functions or handled separately.
+
+                let prop = collectionObj.getProperty(key) as PropertyAssignment;
+
+                let oldAstNode: ObjectLiteralExpression | undefined;
+                if (prop && prop.isKind(SyntaxKind.PropertyAssignment)) {
+                    oldAstNode = prop.getInitializerIfKind(SyntaxKind.ObjectLiteralExpression);
+                }
+
+                const newInit = this.convertJsonToAstString(collectionData[key], 1, oldAstNode);
+                if (prop) {
+                    prop.setInitializer(newInit);
+                } else {
+                    collectionObj.addPropertyAssignment({
+                        name: key,
+                        initializer: newInit
+                    });
+                }
+            }
+        }
+        if (file) {
+            file.formatText();
+        }
+        await this.project.save();
+    }
+
+    public async deleteCollection(collectionId: string) {
+        const file = this.getCollectionFile(collectionId);
+        if (file) {
+            file.deleteImmediatelySync();
+        }
+    }
+}

package/src/api/collections_for_test/callbacks_test_collection.ts

@@ -0,0 +1,57 @@
+import { EntityCollection, EntityBeforeSaveProps, EntityAfterSaveProps, EntityAfterSaveErrorProps, EntityAfterReadProps, EntityBeforeDeleteProps, EntityAfterDeleteProps, PostgresCollection } from "@rebasepro/types";
+
+export const callbacksTestCollection: PostgresCollection = {
+    name: "Callback Tests",
+    slug: "callback_tests",
+    table: "callback_tests",
+    description: "A collection to test backend callbacks",
+    properties: {
+        name: {
+            name: "Name",
+            validation: { required: true },
+            type: "string"
+        },
+        hasSaveSuccessTriggered: {
+            name: "Save Success Triggered",
+            type: "boolean"
+        },
+        hasPreSaveTriggered: {
+            name: "Pre Save Triggered",
+            type: "boolean"
+        },
+        hasFetchTriggered: {
+            name: "Fetch Triggered",
+            type: "boolean"
+        }
+    },
+    callbacks: {
+        beforeSave: (props: EntityBeforeSaveProps) => {
+            console.log("🔥 [BACKEND_CALLBACK] beforeSave Triggered!", props);
+            return {
+                ...props.values,
+                hasPreSaveTriggered: true,
+                name: props.values.name + " (PreSaved)" // Modifying value before save
+            };
+        },
+        afterSave: (props: EntityAfterSaveProps) => {
+            console.log("🔥 [BACKEND_CALLBACK] afterSave Triggered!", props);
+            // This usually triggers other side effects (emails, notifications), log for now
+        },
+        afterSaveError: (props: EntityAfterSaveErrorProps) => {
+            console.error("🔥 [BACKEND_CALLBACK] afterSaveError Triggered!", props);
+        },
+        afterRead: (props: EntityAfterReadProps) => {
+            console.log("🔥 [BACKEND_CALLBACK] afterRead Triggered!", props);
+            return {
+                ...props.entity.values,
+                hasFetchTriggered: true
+            };
+        },
+        beforeDelete: (props: EntityBeforeDeleteProps) => {
+            console.log("🔥 [BACKEND_CALLBACK] beforeDelete Triggered!", props);
+        },
+        afterDelete: (props: EntityAfterDeleteProps) => {
+            console.log("🔥 [BACKEND_CALLBACK] afterDelete Triggered!", props);
+        }
+    }
+};

package/src/api/errors.ts

@@ -0,0 +1,155 @@
+import { ErrorHandler } from "hono";
+import { ContentfulStatusCode } from "hono/utils/http-status";
+
+/**
+ * Standardized API error class.
+ * Throw this from any route handler — the errorHandler middleware
+ * will format it into `{ error: { message, code, details? } }`.
+ */
+export class ApiError extends Error {
+    public readonly statusCode: number;
+    public readonly code: string;
+    public readonly details?: unknown;
+
+    constructor(statusCode: number, code: string, message: string, details?: unknown) {
+        super(message);
+        this.name = "ApiError";
+        this.statusCode = statusCode;
+        this.code = code;
+        this.details = details;
+    }
+
+    // ── Factory methods ──────────────────────────────────────────────
+
+    static badRequest(message: string, code = "BAD_REQUEST", details?: unknown): ApiError {
+        return new ApiError(400, code, message, details);
+    }
+
+    static unauthorized(message: string, code = "UNAUTHORIZED"): ApiError {
+        return new ApiError(401, code, message);
+    }
+
+    static forbidden(message: string, code = "FORBIDDEN"): ApiError {
+        return new ApiError(403, code, message);
+    }
+
+    static notFound(message: string, code = "NOT_FOUND"): ApiError {
+        return new ApiError(404, code, message);
+    }
+
+    static conflict(message: string, code = "CONFLICT"): ApiError {
+        return new ApiError(409, code, message);
+    }
+
+    static internal(message: string, code = "INTERNAL_ERROR"): ApiError {
+        return new ApiError(500, code, message);
+    }
+
+    static serviceUnavailable(message: string, code = "SERVICE_UNAVAILABLE"): ApiError {
+        return new ApiError(503, code, message);
+    }
+}
+
+/**
+ * Canonical error response shape:
+ * `{ error: { message: string, code: string, details?: unknown } }`
+ */
+export interface ErrorResponse {
+    error: {
+        message: string;
+        code: string;
+        details?: unknown;
+    };
+}
+
+/**
+ * Hono error-handling middleware (`app.onError`).
+ * Converts any error into the canonical `{ error: { message, code } }` shape.
+ */
+export const errorHandler: ErrorHandler = (err, c) => {
+    // Typecast custom error properties
+    const error = err as Error & { statusCode?: number; code?: string; details?: unknown };
+
+    if (error instanceof ApiError) {
+        // Operational errors — log at warn level
+        console.warn(
+            `⚠️ [API] ${c.req.method} ${c.req.path} → ${error.statusCode} ${error.code}: ${error.message}`
+        );
+        return c.json({
+            error: {
+                message: error.message,
+                code: error.code,
+                ...(error.details !== undefined && { details: error.details })
+            }
+        } satisfies ErrorResponse, (error.statusCode || 500) as ContentfulStatusCode);
+    }
+
+    const statusCode = error.statusCode || codeToStatus(error.code) || 500;
+    const code = error.code || "INTERNAL_ERROR";
+
+    // Handle DB connection and specific system errors for better logging
+    let logMessage = error.message;
+    if (error.cause && typeof error.cause === 'object' && 'code' in error.cause) {
+        const cause = error.cause as any;
+        if (cause.code === 'ENETUNREACH') {
+            logMessage = `Network unreachable. Cannot connect to database at ${cause.address}:${cause.port}.`;
+        } else if (cause.code === 'ECONNREFUSED') {
+            logMessage = `Connection refused to database at ${cause.address}:${cause.port}.`;
+        }
+    } else if ('code' in error && error.code === 'ENETUNREACH') {
+         logMessage = `Network unreachable. Cannot connect to service at ${(error as any).address}:${(error as any).port}.`;
+    }
+
+    // Unexpected errors — log at error level with full stack
+    console.error(
+        `❌ [API] ${c.req.method} ${c.req.path} → ${statusCode} ${code}: ${logMessage}`
+    );
+    console.error(error.stack || error);
+
+    // Sanitize the message for the client to prevent leaking sensitive details
+    // like SQL queries or internal IP addresses.
+    let clientMessage = "An unexpected error occurred";
+    if (statusCode < 500 && error.message) {
+        // If it's a 4xx error (e.g. from validation), it's generally safe to send the message
+        clientMessage = error.message;
+    } else if (error instanceof ApiError) {
+        // We already handled ApiError above, but just in case
+        clientMessage = error.message;
+    } else if (code === 'INTERNAL_ERROR') {
+        clientMessage = "Internal Server Error";
+    }
+
+    return c.json({
+        error: {
+            message: clientMessage,
+            code,
+            ...(error.details !== undefined && { details: error.details })
+        }
+    } satisfies ErrorResponse, statusCode as ContentfulStatusCode);
+};
+
+/**
+ * Map known error codes to HTTP status codes.
+ */
+function codeToStatus(code?: string): number | undefined {
+    if (!code) return undefined;
+    const map: Record<string, number> = {
+        BAD_REQUEST: 400,
+        INVALID_INPUT: 400,
+        WEAK_PASSWORD: 400,
+        UNAUTHORIZED: 401,
+        INVALID_CREDENTIALS: 401,
+        INVALID_TOKEN: 401,
+        FORBIDDEN: 403,
+        NOT_FOUND: 404,
+        CONFLICT: 409,
+        EMAIL_EXISTS: 409,
+        ROLE_EXISTS: 409,
+        INTERNAL_ERROR: 500,
+        NOT_CONFIGURED: 503,
+        SERVICE_UNAVAILABLE: 503,
+    };
+    return map[code];
+}
+
+