@rebasepro/server-postgresql 0.3.0 → 0.5.0

package/dist/types/src/types/properties.d.ts

@@ -1,6 +1,6 @@
 import type { ComponentRef } from "./component_ref";
-import type { EntityReference, EntityRelation, EntityValues, GeoPoint, Entity, Vector } from "./entities";
-import type { Relation, JoinStep, OnAction } from "./relations";
+import type { Entity, EntityReference, EntityRelation, EntityValues, GeoPoint, Vector } from "./entities";
+import type { JoinStep, OnAction, Relation } from "./relations";
 import type { EntityCollection, FilterValues } from "./collections";
 import type { ColorKey, ColorScheme } from "./chips";
 import type { AuthController } from "../controllers/auth";
@@ -104,8 +104,8 @@ export interface BaseUIConfig<CustomProps = unknown> {
     disabled?: boolean | PropertyDisabledConfig;
     widthPercentage?: number;
     customProps?: CustomProps;
-    Field?: ComponentRef;
-    Preview?: ComponentRef;
+    Field?: ComponentRef<any>;
+    Preview?: ComponentRef<any>;
 }
 export interface BaseProperty<CustomProps = unknown> {
     ui?: BaseUIConfig<CustomProps>;
@@ -185,7 +185,7 @@ export interface StringProperty extends BaseProperty {
      * Optional database column type. If not set, it defaults to `varchar` or `uuid` depending on `isId` configuration.
      * Use `text` for strings with unbound length, `char` for fixed-length strings, or `varchar` for variable-length strings with a limit.
      */
-    columnType?: "varchar" | "text" | "char";
+    columnType?: "varchar" | "text" | "char" | "uuid";
     /**
      * Rules for validating this property
      */
@@ -541,9 +541,11 @@ export interface ArrayProperty extends BaseProperty {
     ui?: ArrayUIConfig;
     type: "array";
     /**
-     * Optional database column type. Defaults to `jsonb`.
+     * Optional database column type. By default, maps to a native Postgres array
+     * (e.g. `text[]`, `integer[]`/`numeric[]`, `boolean[]`) if the element type
+     * is a primitive, otherwise defaults to `jsonb`.
      */
-    columnType?: "json" | "jsonb";
+    columnType?: "json" | "jsonb" | "text[]" | "integer[]" | "boolean[]" | "numeric[]";
     /**
      * The property of this array.
      * You can specify any property (except another Array property)
@@ -639,14 +641,6 @@ export interface MapProperty extends BaseProperty {
      * Properties that are displayed when rendered as a preview
      */
     previewProperties?: string[];
-    /**
-     * Allow the user to add only some keys in this map.
-     * By default, all properties of the map have the corresponding field in
-     * the form view. Setting this flag to true allows to pick only some.
-     * Useful for map that can have a lot of sub-properties that may not be
-     * needed
-     */
-    pickOnlySomeKeys?: boolean;
     /**
      * Render this map as a key-value table that allows to use
      * arbitrary keys. You don't need to define the properties in this case.

package/dist/types/src/types/user_management_delegate.d.ts

@@ -1,4 +1,4 @@
-import { Role, User } from "../users";
+import type { User } from "../users";
 /**
  * Result of creating a new user via admin flow.
  * Contains the created user plus information about how credentials were delivered.
@@ -15,56 +15,46 @@ export interface UserCreationResult<USER extends User = User> {
     temporaryPassword?: string;
 }
 /**
- * Delegate to manage users, roles, and their permissions.
- * This interface allows the CMS to be completely agnostic of the underlying
- * authentication provider or backend.
+ * Delegate to manage auth-specific user operations.
+ *
+ * This interface allows the CMS to be agnostic of the underlying
+ * authentication provider or backend. User/role CRUD is now handled
+ * by the collection system; this delegate only exposes auth-specific
+ * operations (password hashing, invitations, bootstrap).
  *
  * @group Models
  */
 export interface UserManagementDelegate<USER extends User = User> {
     /**
-     * Are the users and roles currently being fetched?
+     * Are auth-related operations currently loading?
      */
     loading: boolean;
     /**
-     * List of users managed by the CMS.
+     * In-memory list of users (used for client-side filtering fallback).
      */
-    users: USER[];
+    users?: USER[];
     /**
-     * Optional error if users failed to load.
+     * Error from fetching the users list, if any.
      */
     usersError?: Error;
     /**
-     * Function to get a user by its uid. This is used to show
-     * user information when assigning ownership of an entity.
-     * @param uid
+     * Look up a single user by UID from the in-memory cache.
      */
-    getUser: (uid: string) => USER | null;
+    getUser?: (uid: string) => USER | null;
     /**
-     * Search users with server-side pagination.
-     * When provided, the CMS will use this for the users table
-     * instead of loading all users into memory.
+     * Server-side user search with pagination.
      */
-    searchUsers?: (options: {
+    searchUsers?: (params: {
         search?: string;
         limit?: number;
         offset?: number;
-        orderBy?: string;
-        orderDir?: "asc" | "desc";
-        roleId?: string;
     }) => Promise<{
         users: USER[];
         total: number;
     }>;
-    /**
-     * Save a user (create or update)
-     * @param user
-     */
-    saveUser?: (user: USER) => Promise<USER>;
     /**
      * Create a new user with invitation/password generation support.
      * Returns additional info about how the credentials were delivered.
-     * Falls back to saveUser if not provided.
      */
     createUser?: (user: USER) => Promise<UserCreationResult<USER>>;
     /**
@@ -73,42 +63,15 @@ export interface UserManagementDelegate<USER extends User = User> {
      * or a flag indicating an email invitation was sent.
      */
     resetPassword?: (user: USER) => Promise<UserCreationResult<USER>>;
-    /**
-     * Delete a user
-     * @param user
-     */
-    deleteUser?: (user: USER) => Promise<void>;
-    /**
-     * List of roles defined in the CMS.
-     */
-    roles?: Role[];
-    /**
-     * Optional error if roles failed to load.
-     */
-    rolesError?: Error;
-    /**
-     * Save a role (create or update)
-     * @param role
-     */
-    saveRole?: (role: Role) => Promise<void>;
-    /**
-     * Delete a role
-     * @param role
-     */
-    deleteRole?: (role: Role) => Promise<void>;
     /**
      * Is the currently logged in user an admin?
      */
     isAdmin?: boolean;
-    /**
-     * If true, the UI will allow the user to create the default roles (admin, editor, viewer).
-     */
-    allowDefaultRolesCreation?: boolean;
     /**
      * Optionally define roles for a given user. This is useful when the roles
      * are coming from a separate provider than the one issuing the tokens.
      */
-    defineRolesFor?: (user: USER) => Promise<Role[] | undefined> | Role[] | undefined;
+    defineRolesFor?: (user: USER) => Promise<string[] | undefined> | string[] | undefined;
     /**
      * Whether any admin users exist. Used by the bootstrap banner to decide
      * whether to prompt.  Populated via a lightweight check (e.g. `limit=1`

package/dist/types/src/users/index.d.ts

@@ -1,2 +1 @@
 export * from "./user";
-export * from "./roles";

package/dist/types/src/users/user.d.ts

@@ -35,7 +35,6 @@ export type User = {
     readonly isAnonymous: boolean;
     /**
      * Role IDs assigned to this user (e.g. ["admin", "editor"]).
-     * These are plain string IDs — use the UserManagementDelegate to look up full Role objects.
      */
     roles?: string[];
     /**

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@rebasepro/server-postgresql",
   "type": "module",
-  "version": "0.3.0",
+  "version": "0.5.0",
   "description": "PostgreSQL data source backend implementation for Rebase with Drizzle ORM",
   "funding": {
     "url": "https://github.com/sponsors/rebaseco"
@@ -68,11 +68,11 @@
     "hono": "^4.12.21",
     "pg": "^8.21.0",
     "ws": "^8.20.1",
-    "@rebasepro/common": "0.3.0",
-    "@rebasepro/sdk-generator": "0.3.0",
-    "@rebasepro/server-core": "0.3.0",
-    "@rebasepro/utils": "0.3.0",
-    "@rebasepro/types": "0.3.0"
+    "@rebasepro/sdk-generator": "0.5.0",
+    "@rebasepro/server-core": "0.5.0",
+    "@rebasepro/types": "0.5.0",
+    "@rebasepro/utils": "0.5.0",
+    "@rebasepro/common": "0.5.0"
   },
   "devDependencies": {
     "@types/jest": "^29.5.14",

package/src/PostgresBackendDriver.ts

@@ -631,6 +631,12 @@ propertyCallbacks: undefined };
 
     }
 
+    async deleteAll(path: string): Promise<void> {
+        await this.entityService.deleteAll(path);
+        // Notify real-time subscribers of bulk change
+        await this.realtimeService.notifyEntityUpdate(path, "*", null);
+    }
+
     async checkUniqueField(
         path: string,
         name: string,
@@ -1072,6 +1078,10 @@ roles: this.user?.roles ?? [] };
         return this.withTransaction((delegate) => delegate.deleteEntity(props));
     }
 
+    async deleteAll(path: string): Promise<void> {
+        return this.withTransaction((delegate) => delegate.deleteAll(path));
+    }
+
     async checkUniqueField(
         path: string,
         name: string,

package/src/PostgresBootstrapper.ts

@@ -6,7 +6,8 @@
 
 import { getTableName, isTable, Relations, sql, Table } from "drizzle-orm";
 import { NodePgDatabase } from "drizzle-orm/node-postgres";
-import { PgEnum, PgTable, getTableConfig, AnyPgColumn } from "drizzle-orm/pg-core";
+import { PgEnum, PgTable, getTableConfig } from "drizzle-orm/pg-core";
+import type { RebasePgTable } from "./types";
 import {
     BackendBootstrapper,
     InitializedDriver,
@@ -30,7 +31,7 @@ import {
 // @ts-ignore
 } from "@rebasepro/server-core";
 import { ensureAuthTablesExist } from "./auth/ensure-tables";
-import { RoleService, UserService, PostgresAuthRepository, AuthSchemaTables } from "./auth/services";
+import { UserService, PostgresAuthRepository, AuthSchemaTables } from "./auth/services";
 import { createAuthSchema } from "./schema/auth-schema";
 
 // @ts-ignore
@@ -180,47 +181,51 @@ export function createPostgresBootstrapper(pgConfig: PostgresDriverConfig): Back
         },
 
         async initializeAuth(config: unknown, driverResult: InitializedDriver): Promise<BootstrappedAuth | undefined> {
-            const authConfig = config as AuthConfig | undefined;
+            const authConfig = config as Record<string, unknown> | undefined;
             if (!authConfig) return undefined;
 
             const internals = driverResult.internals as PostgresDriverInternals;
             const db = internals.db;
             const registry = internals.registry;
 
-            await ensureAuthTablesExist(db, registry);
+            // Resolve the auth collection from the explicit config.
+            // This replaces the old `registry.getTable("users")` magic string lookup.
+            const authCollection = authConfig.collection as EntityCollection | undefined;
+
+            // ensureAuthTablesExist works with the collection abstraction — no Drizzle leakage.
+            await ensureAuthTablesExist(db, authCollection);
 
             let emailService: EmailService | undefined;
             if (authConfig.email) {
-                emailService = createEmailService(authConfig.email);
+                emailService = createEmailService(authConfig.email as EmailConfig);
             }
 
-            const customUsersTable = registry?.getTable("users");
-            const customRolesTable = registry?.getTable("roles");
+            // Resolve the Drizzle table for the internal UserService/AuthRepository.
+            // These are internal Postgres-specific services that need the Drizzle table reference.
+            const tableName = authCollection
+                ? ("table" in authCollection && typeof authCollection.table === "string"
+                    ? authCollection.table
+                    : authCollection.slug)
+                : undefined;
+            const usersTable = tableName
+                ? registry.getTable(tableName) as RebasePgTable | undefined
+                : undefined;
 
             let usersSchemaName = "rebase";
-            let rolesSchemaName = "rebase";
-
-            if (customUsersTable) {
-                usersSchemaName = getTableConfig(customUsersTable).schema || "public";
-            }
-            if (customRolesTable) {
-                rolesSchemaName = getTableConfig(customRolesTable).schema || "public";
+            if (authCollection && "schema" in authCollection && typeof authCollection.schema === "string") {
+                usersSchemaName = authCollection.schema;
             }
 
-            const authTables = createAuthSchema(rolesSchemaName, usersSchemaName) as unknown as AuthSchemaTables;
-            if (customUsersTable) {
-                authTables.users = customUsersTable as unknown as PgTable & Record<string, AnyPgColumn>;
-            }
-            if (customRolesTable) {
-                authTables.roles = customRolesTable as unknown as PgTable & Record<string, AnyPgColumn>;
+            const authTables = createAuthSchema(usersSchemaName) as unknown as AuthSchemaTables;
+            if (usersTable) {
+                authTables.users = usersTable as RebasePgTable;
             }
 
             const userService = new UserService(db, authTables);
-            const roleService = new RoleService(db, authTables);
             const authRepository = new PostgresAuthRepository(db, authTables);
 
             return { userService,
-roleService,
+roleService: userService,
 emailService,
 authRepository };
         },

package/src/auth/ensure-tables.ts

@@ -1,94 +1,62 @@
 import { sql } from "drizzle-orm";
 import { NodePgDatabase } from "drizzle-orm/node-postgres";
-import { getTableConfig, AnyPgColumn, PgTable } from "drizzle-orm/pg-core";
-import { getColumnMeta } from "../services/entity-helpers";
-import { PostgresCollectionRegistry } from "../collections/PostgresCollectionRegistry";
 import { logger } from "@rebasepro/server-core";
+import type { EntityCollection } from "@rebasepro/types";
+
 
-/**
- * Default roles to seed on first run
- */
-const DEFAULT_ROLES = [
-    {
-        id: "admin",
-        name: "Admin",
-        is_admin: true,
-        default_permissions: { read: true, create: true, edit: true, delete: true }
-    },
-    {
-        id: "editor",
-        name: "Editor",
-        is_admin: false,
-        default_permissions: { read: true, create: true, edit: true, delete: true }
-    },
-    {
-        id: "viewer",
-        name: "Viewer",
-        is_admin: false,
-        default_permissions: { read: true, create: false, edit: false, delete: false }
-    }
-];
 
 /**
- * Auto-create auth tables if they don't exist
- * This runs on startup to ensure the database is ready for auth
+ * Auto-create auth tables if they don't exist.
+ *
+ * @param db         — Drizzle database instance
+ * @param collection — The collection that represents auth users.
+ *                     When omitted, a default `rebase.users` table is created.
  */
-export async function ensureAuthTablesExist(db: NodePgDatabase, registry?: PostgresCollectionRegistry): Promise<void> {
+export async function ensureAuthTablesExist(db: NodePgDatabase, collection?: EntityCollection): Promise<void> {
     logger.info("🔍 Checking auth tables...");
 
     try {
-        // Resolve dynamic user table name and ID type
-        let usersTableName = '"users"';
+        // Resolve dynamic user table name and ID type from the collection
+        let usersTableName = '"rebase"."users"';
         let userIdType = "TEXT";
-        let usersSchema = "public";
-        if (registry) {
-            const usersTable = registry.getTable("users") as (PgTable & Record<string, AnyPgColumn>) | undefined;
-            if (usersTable) {
-                const { getTableName } = await import("drizzle-orm");
-                usersSchema = getTableConfig(usersTable).schema || "public";
-                usersTableName = usersSchema === "public" ? `"${getTableName(usersTable)}"` : `"${usersSchema}"."${getTableName(usersTable)}"`;
-
-                // Inspect users.id column to match referenced column type
-                if (usersTable.id) {
-                    const col = usersTable.id;
-                    const meta = getColumnMeta(col);
-                    const columnType = meta.columnType;
-                    if (columnType === "PgUUID") {
-                        userIdType = "UUID";
-                    } else if (columnType === "PgSerial" || columnType === "PgInteger") {
-                        userIdType = "INTEGER";
-                    } else if (columnType === "PgBigInt" || columnType === "PgBigSerial") {
-                        userIdType = "BIGINT";
-                    }
+        let usersSchema = "rebase";
+        if (collection) {
+            const rawTable = ("table" in collection && typeof collection.table === "string")
+                ? collection.table
+                : collection.slug;
+            usersSchema = ("schema" in collection && typeof collection.schema === "string")
+                ? collection.schema
+                : "public";
+            usersTableName = usersSchema === "public"
+                ? `"${rawTable}"`
+                : `"${usersSchema}"."${rawTable}"`;
+
+            // Derive ID column type from collection properties
+            const idProp = collection.properties?.id;
+            if (idProp) {
+                const isId = ("isId" in idProp) ? (idProp as unknown as Record<string, unknown>).isId : undefined;
+                if (isId === "uuid") {
+                    userIdType = "UUID";
+                } else if (isId === "autoincrement") {
+                    userIdType = "INTEGER";
                 }
+                // Otherwise keep TEXT as default
             }
         }
 
-        // Resolve dynamic roles schema name
-        let rolesSchema = "rebase";
-        if (registry) {
-            const rolesTable = registry.getTable("roles");
-            if (rolesTable) {
-                rolesSchema = getTableConfig(rolesTable).schema || "public";
-            }
-        }
+
 
         // ── Create schemas (idempotent) ──────────────────────────────────
         if (usersSchema !== "public") {
             await db.execute(sql`CREATE SCHEMA IF NOT EXISTS ${sql.raw(usersSchema)}`);
         }
-        if (rolesSchema !== "public" && rolesSchema !== usersSchema) {
-            await db.execute(sql`CREATE SCHEMA IF NOT EXISTS ${sql.raw(rolesSchema)}`);
-        }
         await db.execute(sql`CREATE SCHEMA IF NOT EXISTS rebase`);
 
-        // Dynamic table names
-        const userIdentitiesTable = `"${rolesSchema}"."user_identities"`;
-        const rolesTableName = `"${rolesSchema}"."roles"`;
-        const userRolesTableName = `"${rolesSchema}"."user_roles"`;
-        const refreshTokensTableName = `"${rolesSchema}"."refresh_tokens"`;
-        const passwordResetTokensTableName = `"${rolesSchema}"."password_reset_tokens"`;
-        const appConfigTableName = `"${rolesSchema}"."app_config"`;
+        const authSchema = usersSchema === "public" ? "rebase" : usersSchema;
+        const userIdentitiesTable = `"${authSchema}"."user_identities"`;
+        const refreshTokensTableName = `"${authSchema}"."refresh_tokens"`;
+        const passwordResetTokensTableName = `"${authSchema}"."password_reset_tokens"`;
+        const appConfigTableName = `"${authSchema}"."app_config"`;
 
         // ── Create tables (idempotent) ──────────────────────────────────
 
@@ -113,32 +81,6 @@ export async function ensureAuthTablesExist(db: NodePgDatabase, registry?: Postg
         `);
 
 
-        // Create roles table
-        await db.execute(sql`
-            CREATE TABLE IF NOT EXISTS ${sql.raw(rolesTableName)} (
-                id TEXT PRIMARY KEY,
-                name TEXT NOT NULL,
-                is_admin BOOLEAN DEFAULT FALSE,
-                default_permissions JSONB,
-                collection_permissions JSONB,
-                created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
-            )
-        `);
-
-        // Create user_roles junction table
-        await db.execute(sql`
-            CREATE TABLE IF NOT EXISTS ${sql.raw(userRolesTableName)} (
-                user_id ${sql.raw(userIdType)} NOT NULL REFERENCES ${sql.raw(usersTableName)}(id) ON DELETE CASCADE,
-                role_id TEXT NOT NULL REFERENCES ${sql.raw(rolesTableName)}(id) ON DELETE CASCADE,
-                PRIMARY KEY (user_id, role_id)
-            )
-        `);
-
-        // Create index on user_id for faster lookups
-        await db.execute(sql`
-            CREATE INDEX IF NOT EXISTS idx_user_roles_user 
-            ON ${sql.raw(userRolesTableName)}(user_id)
-        `);
 
         // Create refresh tokens table (includes user_agent, ip_address, and unique constraint)
         await db.execute(sql`
@@ -229,7 +171,7 @@ export async function ensureAuthTablesExist(db: NodePgDatabase, registry?: Postg
         });
 
         // Seed default roles if none exist
-        await seedDefaultRoles(db, rolesTableName);
+        // (no-op: roles are now stored inline on the users table)
 
         // ── Migration: Add is_anonymous column (safe for existing tables) ────
         await db.execute(sql`
@@ -237,10 +179,51 @@ export async function ensureAuthTablesExist(db: NodePgDatabase, registry?: Postg
             ADD COLUMN IF NOT EXISTS is_anonymous BOOLEAN DEFAULT FALSE
         `);
 
+        // ── Migration: Add inline roles column (safe for existing tables) ────
+        await db.execute(sql`
+            ALTER TABLE ${sql.raw(usersTableName)}
+            ADD COLUMN IF NOT EXISTS roles TEXT[] DEFAULT '{}' NOT NULL
+        `);
+
+        // ── Migration: Copy roles from legacy junction table to inline column ──
+        // If the old rebase.user_roles and rebase.roles tables exist, migrate
+        // the data into the new TEXT[] column then drop the legacy tables.
+        try {
+            const legacyCheck = await db.execute(sql`
+                SELECT EXISTS (
+                    SELECT 1 FROM information_schema.tables
+                    WHERE table_schema = 'rebase' AND table_name = 'user_roles'
+                ) AS has_user_roles
+            `);
+            const hasLegacyTables = (legacyCheck.rows[0] as { has_user_roles: boolean }).has_user_roles;
+
+            if (hasLegacyTables) {
+                logger.info("🔄 Migrating roles from legacy user_roles table...");
+                // Update users' roles column from the junction table
+                await db.execute(sql`
+                    UPDATE ${sql.raw(usersTableName)} u
+                    SET roles = COALESCE((
+                        SELECT array_agg(ur.role_id)
+                        FROM "rebase"."user_roles" ur
+                        WHERE ur.user_id = u.id
+                    ), '{}')
+                    WHERE u.roles = '{}' OR u.roles IS NULL
+                `);
+
+                // Drop legacy tables (junction first due to FK)
+                await db.execute(sql`DROP TABLE IF EXISTS "rebase"."user_roles" CASCADE`);
+                await db.execute(sql`DROP TABLE IF EXISTS "rebase"."roles" CASCADE`);
+                logger.info("✅ Legacy roles tables migrated and dropped");
+            }
+        } catch (migrationError: unknown) {
+            // Non-fatal: log and continue — the column exists and will work
+            logger.warn(`⚠️  Legacy roles migration skipped: ${migrationError instanceof Error ? migrationError.message : String(migrationError)}`);
+        }
+
         // ── MFA tables ──────────────────────────────────────────────────────
-        const mfaFactorsTableName = `"${rolesSchema}"."mfa_factors"`;
-        const mfaChallengesTableName = `"${rolesSchema}"."mfa_challenges"`;
-        const recoveryCodesTableName = `"${rolesSchema}"."recovery_codes"`;
+        const mfaFactorsTableName = `"${authSchema}"."mfa_factors"`;
+        const mfaChallengesTableName = `"${authSchema}"."mfa_challenges"`;
+        const recoveryCodesTableName = `"${authSchema}"."recovery_codes"`;
 
         // Create mfa_factors table
         await db.execute(sql`
@@ -304,33 +287,3 @@ export async function ensureAuthTablesExist(db: NodePgDatabase, registry?: Postg
     }
 }
 
-/**
- * Seed default roles if the roles table is empty
- */
-async function seedDefaultRoles(db: NodePgDatabase, rolesTableName: string): Promise<void> {
-    // Check if any roles exist
-    const result = await db.execute(sql`SELECT COUNT(*) as count FROM ${sql.raw(rolesTableName)}`);
-    const count = parseInt((result.rows[0] as Record<string, string | number>)?.count as string || "0", 10);
-
-    if (count > 0) {
-        logger.info(`📋 Found ${count} existing roles`);
-        return;
-    }
-
-    logger.info("🌱 Seeding default roles...");
-
-    for (const role of DEFAULT_ROLES) {
-        await db.execute(sql`
-            INSERT INTO ${sql.raw(rolesTableName)} (id, name, is_admin, default_permissions)
-            VALUES (
-                ${role.id}, 
-                ${role.name}, 
-                ${role.is_admin}, 
-                ${JSON.stringify(role.default_permissions)}::jsonb
-            )
-            ON CONFLICT (id) DO NOTHING
-        `);
-    }
-
-    logger.info("✅ Default roles created: admin, editor, viewer");
-}