@rebasepro/server-core 0.6.1 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (116) hide show
  1. package/dist/api/graphql/graphql-schema-generator.d.ts +9 -0
  2. package/dist/api/rest/api-generator.d.ts +2 -14
  3. package/dist/api/rest/query-parser.d.ts +2 -5
  4. package/dist/api/types.d.ts +8 -2
  5. package/dist/auth/adapter-middleware.d.ts +7 -1
  6. package/dist/auth/admin-roles-route.d.ts +18 -0
  7. package/dist/auth/admin-users-route.d.ts +28 -0
  8. package/dist/auth/api-keys/api-key-types.d.ts +8 -0
  9. package/dist/auth/auth-hooks.d.ts +17 -0
  10. package/dist/auth/builtin-auth-adapter.d.ts +3 -1
  11. package/dist/auth/index.d.ts +1 -0
  12. package/dist/auth/interfaces.d.ts +32 -2
  13. package/dist/auth/magic-link-routes.d.ts +30 -0
  14. package/dist/auth/mfa-crypto.d.ts +23 -0
  15. package/dist/auth/mfa-routes.d.ts +2 -1
  16. package/dist/auth/middleware.d.ts +9 -2
  17. package/dist/auth/routes.d.ts +3 -1
  18. package/dist/auth/session-routes.d.ts +2 -0
  19. package/dist/backend-CIxN4FVm.js.map +1 -1
  20. package/dist/base64-js-C_frYBkI.js +1687 -0
  21. package/dist/base64-js-C_frYBkI.js.map +1 -0
  22. package/dist/{dist-CZKP-Xz4.js → dist-DMO-zF6D.js} +2 -2
  23. package/dist/{dist-CZKP-Xz4.js.map → dist-DMO-zF6D.js.map} +1 -1
  24. package/dist/email/index.d.ts +2 -2
  25. package/dist/email/templates.d.ts +8 -0
  26. package/dist/email/types.d.ts +18 -0
  27. package/dist/functions/define-function.d.ts +50 -0
  28. package/dist/functions/index.d.ts +2 -0
  29. package/dist/index.d.ts +16 -18
  30. package/dist/index.es.js +1947 -2356
  31. package/dist/index.es.js.map +1 -1
  32. package/dist/index.umd.js +40615 -10203
  33. package/dist/index.umd.js.map +1 -1
  34. package/dist/init.d.ts +68 -12
  35. package/dist/jws-BqRRaK11.js +616 -0
  36. package/dist/jws-BqRRaK11.js.map +1 -0
  37. package/dist/{jwt-DHcQRGC3.js → jwt-BETC8a1J.js} +3 -611
  38. package/dist/jwt-BETC8a1J.js.map +1 -0
  39. package/dist/services/routed-realtime-service.d.ts +43 -0
  40. package/dist/{src-COaj0G3P.js → src-CB2PIpBe.js} +2 -2
  41. package/dist/{src-COaj0G3P.js.map → src-CB2PIpBe.js.map} +1 -1
  42. package/dist/src-DjzOT1kG.js +29746 -0
  43. package/dist/src-DjzOT1kG.js.map +1 -0
  44. package/dist/storage/GCSStorageController.d.ts +43 -0
  45. package/dist/storage/index.d.ts +5 -2
  46. package/dist/storage/routes.d.ts +33 -1
  47. package/dist/storage/tus-handler.d.ts +3 -1
  48. package/dist/storage/types.d.ts +28 -3
  49. package/dist/utils/dev-port.d.ts +2 -0
  50. package/package.json +13 -5
  51. package/src/api/errors.ts +16 -2
  52. package/src/api/graphql/graphql-schema-generator.ts +50 -15
  53. package/src/api/openapi-generator.ts +2 -2
  54. package/src/api/rest/api-generator.ts +44 -123
  55. package/src/api/rest/query-parser.ts +6 -23
  56. package/src/api/server.ts +10 -2
  57. package/src/api/types.ts +8 -2
  58. package/src/auth/adapter-middleware.ts +10 -2
  59. package/src/auth/admin-roles-route.ts +36 -0
  60. package/src/auth/admin-users-route.ts +302 -0
  61. package/src/auth/api-keys/api-key-middleware.ts +4 -3
  62. package/src/auth/api-keys/api-key-routes.ts +12 -2
  63. package/src/auth/api-keys/api-key-store.ts +83 -66
  64. package/src/auth/api-keys/api-key-types.ts +8 -0
  65. package/src/auth/apple-oauth.ts +2 -1
  66. package/src/auth/auth-hooks.ts +21 -0
  67. package/src/auth/bitbucket-oauth.ts +2 -1
  68. package/src/auth/builtin-auth-adapter.ts +29 -6
  69. package/src/auth/custom-auth-adapter.ts +2 -0
  70. package/src/auth/discord-oauth.ts +2 -1
  71. package/src/auth/facebook-oauth.ts +2 -1
  72. package/src/auth/github-oauth.ts +2 -1
  73. package/src/auth/gitlab-oauth.ts +2 -1
  74. package/src/auth/google-oauth.ts +8 -4
  75. package/src/auth/index.ts +2 -0
  76. package/src/auth/interfaces.ts +38 -2
  77. package/src/auth/linkedin-oauth.ts +2 -1
  78. package/src/auth/magic-link-routes.ts +167 -0
  79. package/src/auth/mfa-crypto.ts +91 -0
  80. package/src/auth/mfa-routes.ts +34 -10
  81. package/src/auth/microsoft-oauth.ts +2 -1
  82. package/src/auth/middleware.ts +14 -5
  83. package/src/auth/reset-password-admin.ts +17 -1
  84. package/src/auth/routes.ts +78 -10
  85. package/src/auth/session-routes.ts +15 -3
  86. package/src/auth/slack-oauth.ts +2 -1
  87. package/src/auth/spotify-oauth.ts +2 -1
  88. package/src/auth/twitter-oauth.ts +8 -1
  89. package/src/cron/cron-store.ts +25 -23
  90. package/src/email/index.ts +3 -2
  91. package/src/email/templates.ts +82 -0
  92. package/src/email/types.ts +16 -0
  93. package/src/functions/define-function.ts +59 -0
  94. package/src/functions/function-loader.ts +16 -0
  95. package/src/functions/index.ts +2 -0
  96. package/src/index.ts +70 -37
  97. package/src/init.ts +214 -25
  98. package/src/services/routed-realtime-service.ts +113 -0
  99. package/src/storage/GCSStorageController.ts +334 -0
  100. package/src/storage/index.ts +9 -3
  101. package/src/storage/routes.ts +191 -23
  102. package/src/storage/tus-handler.ts +16 -4
  103. package/src/storage/types.ts +25 -3
  104. package/src/utils/dev-port.ts +13 -7
  105. package/test/api-generator.test.ts +1 -1
  106. package/test/auth-config-types.test.ts +40 -0
  107. package/test/auth-routes.test.ts +54 -4
  108. package/test/custom-auth-adapter.test.ts +20 -1
  109. package/test/define-function.test.ts +45 -0
  110. package/test/env.test.ts +9 -19
  111. package/test/multi-datasource-routing.test.ts +113 -0
  112. package/test/routed-realtime-service.test.ts +86 -0
  113. package/test/storage-routes.test.ts +160 -0
  114. package/test/transform-auth-response.test.ts +305 -0
  115. package/dist/jwt-DHcQRGC3.js.map +0 -1
  116. package/test/backend-hooks-data.test.ts +0 -477
@@ -1,477 +0,0 @@
1
- /**
2
- * BackendHooks — Data (REST API) Integration Tests
3
- *
4
- * Verifies that DataHooks are correctly applied within RestApiGenerator
5
- * for all collection CRUD operations.
6
- */
7
-
8
- import { Hono } from "hono";
9
- import { RestApiGenerator } from "../src/api/rest/api-generator";
10
- import { errorHandler } from "../src/api/errors";
11
- import type { DataDriver } from "@rebasepro/types";
12
- import type { EntityCollection } from "@rebasepro/types";
13
- import type { DataHooks } from "@rebasepro/types";
14
-
15
- // ── Helpers ─────────────────────────────────────────────────────────────────
16
-
17
- function createMockDriver(): jest.Mocked<DataDriver> {
18
- return {
19
- key: "postgres",
20
- initialised: true,
21
- fetchCollection: jest.fn(),
22
- listenCollection: jest.fn(),
23
- fetchEntity: jest.fn(),
24
- listenEntity: jest.fn(),
25
- saveEntity: jest.fn(),
26
- deleteEntity: jest.fn(),
27
- checkUniqueField: jest.fn(),
28
- countEntities: jest.fn(),
29
- withAuth: jest.fn(),
30
- admin: {} as any
31
- } as unknown as jest.Mocked<DataDriver>;
32
- }
33
-
34
- const mockCollections: EntityCollection[] = [
35
- { slug: "products",
36
- name: "Products",
37
- singularName: "Product",
38
- properties: {} } as any,
39
- { slug: "orders",
40
- name: "Orders",
41
- singularName: "Order",
42
- properties: {} } as any
43
- ];
44
-
45
- function createApp(mockDriver: jest.Mocked<DataDriver>, hooks?: DataHooks) {
46
- const app = new Hono();
47
- app.onError(errorHandler);
48
- // RestApiGenerator.getScopedDriver reads from c.get("driver") which is
49
- // normally set by auth middleware. Replicate that here for tests.
50
- app.use("/api/*", async (c, next) => {
51
- c.set("driver", mockDriver);
52
- await next();
53
- });
54
- const generator = new RestApiGenerator(mockCollections, mockDriver, hooks);
55
- app.route("/api", generator.generateRoutes());
56
- return app;
57
- }
58
-
59
- // ═════════════════════════════════════════════════════════════════════════════
60
- // TESTS
61
- // ═════════════════════════════════════════════════════════════════════════════
62
-
63
- describe("DataHooks — REST API", () => {
64
- let mockDriver: jest.Mocked<DataDriver>;
65
-
66
- beforeEach(() => {
67
- mockDriver = createMockDriver();
68
- });
69
-
70
- // ── afterRead ─────────────────────────────────────────────────────
71
- describe("data.afterRead", () => {
72
- it("transforms entities in GET list response", async () => {
73
- const hooks: DataHooks = {
74
- afterRead(slug, entity) {
75
- // Mask price for non-premium entities
76
- if (slug === "products") {
77
- return { ...entity,
78
- price: "***" };
79
- }
80
- return entity;
81
- }
82
- };
83
- const app = createApp(mockDriver, hooks);
84
-
85
- mockDriver.fetchCollection.mockResolvedValue([
86
- { id: "p1",
87
- path: "products",
88
- values: { name: "Widget",
89
- price: 99 } } as any,
90
- { id: "p2",
91
- path: "products",
92
- values: { name: "Gadget",
93
- price: 199 } } as any
94
- ]);
95
- mockDriver.countEntities!.mockResolvedValue(2);
96
-
97
- const res = await app.request("/api/products");
98
- expect(res.status).toBe(200);
99
-
100
- const body = await res.json() as any;
101
- expect(body.data).toHaveLength(2);
102
- expect(body.data[0].price).toBe("***");
103
- expect(body.data[1].price).toBe("***");
104
- // Original field should still be there
105
- expect(body.data[0].name).toBe("Widget");
106
- });
107
-
108
- it("filters out entities by returning null", async () => {
109
- const hooks: DataHooks = {
110
- afterRead(slug, entity) {
111
- // Hide draft products
112
- if (entity.status === "draft") return null;
113
- return entity;
114
- }
115
- };
116
- const app = createApp(mockDriver, hooks);
117
-
118
- mockDriver.fetchCollection.mockResolvedValue([
119
- { id: "p1",
120
- path: "products",
121
- values: { name: "Published",
122
- status: "active" } } as any,
123
- { id: "p2",
124
- path: "products",
125
- values: { name: "Draft",
126
- status: "draft" } } as any,
127
- { id: "p3",
128
- path: "products",
129
- values: { name: "Also Published",
130
- status: "active" } } as any
131
- ]);
132
- mockDriver.countEntities!.mockResolvedValue(3);
133
-
134
- const res = await app.request("/api/products");
135
- const body = await res.json() as any;
136
- expect(body.data).toHaveLength(2);
137
- expect(body.data.map((d: any) => d.name)).toEqual(["Published", "Also Published"]);
138
- });
139
-
140
- it("transforms single entity GET response", async () => {
141
- const hooks: DataHooks = {
142
- afterRead(slug, entity) {
143
- return { ...entity,
144
- _readAt: "2024-01-01" };
145
- }
146
- };
147
- const app = createApp(mockDriver, hooks);
148
-
149
- mockDriver.fetchEntity.mockResolvedValue(
150
- { id: "p1",
151
- path: "products",
152
- values: { name: "Widget" } } as any
153
- );
154
-
155
- const res = await app.request("/api/products/p1");
156
- expect(res.status).toBe(200);
157
-
158
- const body = await res.json() as any;
159
- expect(body.name).toBe("Widget");
160
- expect(body._readAt).toBe("2024-01-01");
161
- });
162
-
163
- it("returns 404 when afterRead filters a single entity", async () => {
164
- const hooks: DataHooks = {
165
- afterRead(slug, entity) {
166
- if (entity.id === "hidden") return null;
167
- return entity;
168
- }
169
- };
170
- const app = createApp(mockDriver, hooks);
171
-
172
- mockDriver.fetchEntity.mockResolvedValue(
173
- { id: "hidden",
174
- path: "products",
175
- values: { name: "Secret" } } as any
176
- );
177
-
178
- const res = await app.request("/api/products/hidden");
179
- expect(res.status).toBe(404);
180
- });
181
-
182
- it("only affects targeted collection slug", async () => {
183
- const hooks: DataHooks = {
184
- afterRead(slug, entity) {
185
- if (slug === "products") {
186
- return { ...entity,
187
- hooked: true };
188
- }
189
- return entity;
190
- }
191
- };
192
- const app = createApp(mockDriver, hooks);
193
-
194
- // Products should be hooked
195
- mockDriver.fetchEntity.mockResolvedValueOnce(
196
- { id: "p1",
197
- path: "products",
198
- values: { name: "Widget" } } as any
199
- );
200
- const prodRes = await app.request("/api/products/p1");
201
- const prodBody = await prodRes.json() as any;
202
- expect(prodBody.hooked).toBe(true);
203
-
204
- // Orders should NOT be hooked
205
- mockDriver.fetchEntity.mockResolvedValueOnce(
206
- { id: "o1",
207
- path: "orders",
208
- values: { total: 42 } } as any
209
- );
210
- const orderRes = await app.request("/api/orders/o1");
211
- const orderBody = await orderRes.json() as any;
212
- expect(orderBody.hooked).toBeUndefined();
213
- });
214
- });
215
-
216
- // ── beforeSave ────────────────────────────────────────────────────
217
- describe("data.beforeSave", () => {
218
- it("transforms values before POST (create)", async () => {
219
- const hooks: DataHooks = {
220
- beforeSave(slug, values, entityId) {
221
- return { ...values,
222
- slug: values.name?.toString().toLowerCase().replace(/\s+/g, "-") };
223
- }
224
- };
225
- const app = createApp(mockDriver, hooks);
226
-
227
- mockDriver.saveEntity.mockResolvedValue(
228
- { id: "new-1",
229
- path: "products",
230
- values: { name: "Cool Widget",
231
- slug: "cool-widget" } } as any
232
- );
233
-
234
- const res = await app.request("/api/products", {
235
- method: "POST",
236
- headers: { "Content-Type": "application/json" },
237
- body: JSON.stringify({ name: "Cool Widget" })
238
- });
239
-
240
- expect(res.status).toBe(201);
241
- expect(mockDriver.saveEntity).toHaveBeenCalledWith(
242
- expect.objectContaining({
243
- values: expect.objectContaining({ slug: "cool-widget" })
244
- })
245
- );
246
- });
247
-
248
- it("transforms values before PUT (update)", async () => {
249
- const hooks: DataHooks = {
250
- beforeSave(slug, values, entityId) {
251
- // Add an updatedBy field
252
- return { ...values,
253
- updatedBy: "hook" };
254
- }
255
- };
256
- const app = createApp(mockDriver, hooks);
257
-
258
- mockDriver.fetchEntity.mockResolvedValue({ id: "p1",
259
- path: "products",
260
- values: {} } as any);
261
- mockDriver.saveEntity.mockResolvedValue(
262
- { id: "p1",
263
- path: "products",
264
- values: { name: "Updated",
265
- updatedBy: "hook" } } as any
266
- );
267
-
268
- const res = await app.request("/api/products/p1", {
269
- method: "PUT",
270
- headers: { "Content-Type": "application/json" },
271
- body: JSON.stringify({ name: "Updated" })
272
- });
273
-
274
- expect(res.status).toBe(200);
275
- expect(mockDriver.saveEntity).toHaveBeenCalledWith(
276
- expect.objectContaining({
277
- values: expect.objectContaining({ updatedBy: "hook" })
278
- })
279
- );
280
- });
281
-
282
- it("receives entityId=undefined on POST, actual id on PUT", async () => {
283
- const beforeSaveSpy = jest.fn((slug, values, entityId) => values);
284
- const hooks: DataHooks = { beforeSave: beforeSaveSpy };
285
- const app = createApp(mockDriver, hooks);
286
-
287
- // POST
288
- mockDriver.saveEntity.mockResolvedValueOnce(
289
- { id: "new-1",
290
- path: "products",
291
- values: { name: "A" } } as any
292
- );
293
- await app.request("/api/products", {
294
- method: "POST",
295
- headers: { "Content-Type": "application/json" },
296
- body: JSON.stringify({ name: "A" })
297
- });
298
- expect(beforeSaveSpy.mock.calls[0][2]).toBeUndefined(); // entityId
299
-
300
- // PUT
301
- mockDriver.fetchEntity.mockResolvedValueOnce({ id: "p1",
302
- path: "products",
303
- values: {} } as any);
304
- mockDriver.saveEntity.mockResolvedValueOnce(
305
- { id: "p1",
306
- path: "products",
307
- values: { name: "B" } } as any
308
- );
309
- await app.request("/api/products/p1", {
310
- method: "PUT",
311
- headers: { "Content-Type": "application/json" },
312
- body: JSON.stringify({ name: "B" })
313
- });
314
- expect(beforeSaveSpy.mock.calls[1][2]).toBe("p1"); // entityId
315
- });
316
-
317
- it("aborts save when beforeSave throws", async () => {
318
- const hooks: DataHooks = {
319
- beforeSave(slug, values) {
320
- if (!values.name) throw new Error("Name is required");
321
- return values;
322
- }
323
- };
324
- const app = createApp(mockDriver, hooks);
325
-
326
- const res = await app.request("/api/products", {
327
- method: "POST",
328
- headers: { "Content-Type": "application/json" },
329
- body: JSON.stringify({ price: 99 })
330
- });
331
-
332
- // Should get an error status
333
- expect(res.status).toBeGreaterThanOrEqual(400);
334
- expect(mockDriver.saveEntity).not.toHaveBeenCalled();
335
- });
336
- });
337
-
338
- // ── afterSave ─────────────────────────────────────────────────────
339
- describe("data.afterSave", () => {
340
- it("fires afterSave after POST", async () => {
341
- const afterSaveSpy = jest.fn();
342
- const hooks: DataHooks = { afterSave: afterSaveSpy };
343
- const app = createApp(mockDriver, hooks);
344
-
345
- mockDriver.saveEntity.mockResolvedValue(
346
- { id: "new-1",
347
- path: "products",
348
- values: { name: "Widget" } } as any
349
- );
350
-
351
- const res = await app.request("/api/products", {
352
- method: "POST",
353
- headers: { "Content-Type": "application/json" },
354
- body: JSON.stringify({ name: "Widget" })
355
- });
356
-
357
- expect(res.status).toBe(201);
358
- await new Promise(r => setTimeout(r, 50));
359
- expect(afterSaveSpy).toHaveBeenCalledTimes(1);
360
- expect(afterSaveSpy).toHaveBeenCalledWith(
361
- "products",
362
- expect.objectContaining({ id: "new-1",
363
- name: "Widget" }),
364
- expect.objectContaining({ method: "POST" })
365
- );
366
- });
367
-
368
- it("fires afterSave after PUT", async () => {
369
- const afterSaveSpy = jest.fn();
370
- const hooks: DataHooks = { afterSave: afterSaveSpy };
371
- const app = createApp(mockDriver, hooks);
372
-
373
- mockDriver.fetchEntity.mockResolvedValue({ id: "p1",
374
- path: "products",
375
- values: {} } as any);
376
- mockDriver.saveEntity.mockResolvedValue(
377
- { id: "p1",
378
- path: "products",
379
- values: { name: "Updated" } } as any
380
- );
381
-
382
- await app.request("/api/products/p1", {
383
- method: "PUT",
384
- headers: { "Content-Type": "application/json" },
385
- body: JSON.stringify({ name: "Updated" })
386
- });
387
-
388
- await new Promise(r => setTimeout(r, 50));
389
- expect(afterSaveSpy).toHaveBeenCalledWith(
390
- "products",
391
- expect.objectContaining({ id: "p1" }),
392
- expect.objectContaining({ method: "PUT" })
393
- );
394
- });
395
- });
396
-
397
- // ── beforeDelete / afterDelete ───────────────────────────────────
398
- describe("data.beforeDelete / afterDelete", () => {
399
- it("aborts deletion when beforeDelete throws", async () => {
400
- const hooks: DataHooks = {
401
- beforeDelete(slug, entityId) {
402
- if (entityId === "protected") {
403
- throw new Error("Cannot delete protected entity");
404
- }
405
- }
406
- };
407
- const app = createApp(mockDriver, hooks);
408
-
409
- mockDriver.fetchEntity.mockResolvedValue(
410
- { id: "protected",
411
- path: "products",
412
- values: {} } as any
413
- );
414
-
415
- const res = await app.request("/api/products/protected", { method: "DELETE" });
416
- expect(res.status).toBe(500);
417
- expect(mockDriver.deleteEntity).not.toHaveBeenCalled();
418
- });
419
-
420
- it("allows deletion when beforeDelete does not throw", async () => {
421
- const beforeDeleteSpy = jest.fn();
422
- const hooks: DataHooks = { beforeDelete: beforeDeleteSpy };
423
- const app = createApp(mockDriver, hooks);
424
-
425
- const existingEntity = { id: "p1",
426
- path: "products",
427
- values: {} } as any;
428
- mockDriver.fetchEntity.mockResolvedValue(existingEntity);
429
- mockDriver.deleteEntity.mockResolvedValue();
430
-
431
- const res = await app.request("/api/products/p1", { method: "DELETE" });
432
- expect(res.status).toBe(204);
433
- expect(beforeDeleteSpy).toHaveBeenCalledWith(
434
- "products", "p1", expect.objectContaining({ method: "DELETE" })
435
- );
436
- expect(mockDriver.deleteEntity).toHaveBeenCalled();
437
- });
438
-
439
- it("fires afterDelete after successful deletion", async () => {
440
- const afterDeleteSpy = jest.fn();
441
- const hooks: DataHooks = { afterDelete: afterDeleteSpy };
442
- const app = createApp(mockDriver, hooks);
443
-
444
- mockDriver.fetchEntity.mockResolvedValue({ id: "p1",
445
- path: "products",
446
- values: {} } as any);
447
- mockDriver.deleteEntity.mockResolvedValue();
448
-
449
- await app.request("/api/products/p1", { method: "DELETE" });
450
- await new Promise(r => setTimeout(r, 50));
451
-
452
- expect(afterDeleteSpy).toHaveBeenCalledWith(
453
- "products", "p1", expect.objectContaining({ method: "DELETE" })
454
- );
455
- });
456
- });
457
-
458
- // ── no hooks (passthrough) ──────────────────────────────────────
459
- describe("no hooks configured", () => {
460
- it("returns data unchanged when no hooks are provided", async () => {
461
- const app = createApp(mockDriver); // no hooks
462
- mockDriver.fetchCollection.mockResolvedValue([
463
- { id: "p1",
464
- path: "products",
465
- values: { name: "Widget" } } as any
466
- ]);
467
- mockDriver.countEntities!.mockResolvedValue(1);
468
-
469
- const res = await app.request("/api/products");
470
- expect(res.status).toBe(200);
471
-
472
- const body = await res.json() as any;
473
- expect(body.data).toHaveLength(1);
474
- expect(body.data[0].name).toBe("Widget");
475
- });
476
- });
477
- });