npm - @restforgejs/platform - Versions diffs - 4.1.1 → 4.3.1 - Mend

@restforgejs/platform 4.1.1 → 4.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (340) hide show

package/generators/lib/utils/audit-columns.js ADDED Viewed

@@ -0,0 +1,181 @@
+'use strict';
+/**
+ * Audit Columns Helper
+ *
+ * Resolve nama kolom audit yang efektif berdasarkan konfigurasi payload.
+ * Konvensi default mengikuti BaseModel runtime di `src/models/base-model.js`:
+ *   createdAt -> created_at
+ *   createdBy -> created_by
+ *   updatedAt -> updated_at
+ *   updatedBy -> updated_by
+ *
+ * Payload dapat override behavior:
+ *   - `auditColumns: false` (atau null) -> disable audit columns
+ *   - `auditColumns: { createdAt, createdBy, updatedAt, updatedBy }` -> custom mapping
+ *   - tidak di-set / true -> pakai default 4 nama standar
+ *
+ * Helper ini dipakai oleh:
+ *   - schema-diff: compute effective field list (fieldName ∪ audit columns)
+ *   - endpoint create: validation pre-codegen
+ *
+ * @module lib/utils/audit-columns
+ */
+const DEFAULT_AUDIT_COLUMN_MAP = {
+    createdAt: 'created_at',
+    createdBy: 'created_by',
+    updatedAt: 'updated_at',
+    updatedBy: 'updated_by'
+};
+const DEFAULT_AUDIT_COLUMNS = Object.values(DEFAULT_AUDIT_COLUMN_MAP);
+/**
+ * Cek apakah audit columns aktif untuk payload ini.
+ *
+ * @param {Object} payload - Processed payload object
+ * @returns {boolean} true jika audit columns akan di-inject runtime
+ */
+function isAuditColumnsEnabled(payload) {
+    if (!payload) return false;
+    if (!Object.prototype.hasOwnProperty.call(payload, 'auditColumns')) return true;
+    const value = payload.auditColumns;
+    if (value === false || value === null) return false;
+    return true;
+}
+/**
+ * Resolve nama kolom audit (sisi database) yang akan di-inject runtime.
+ * Mengembalikan empty array bila audit columns di-disable.
+ *
+ * @param {Object} payload - Processed payload object
+ * @returns {string[]} Array nama kolom database (snake_case)
+ */
+function resolveAuditColumnNames(payload) {
+    if (!isAuditColumnsEnabled(payload)) return [];
+    const value = payload && payload.auditColumns;
+    if (value && typeof value === 'object' && !Array.isArray(value)) {
+        const out = [];
+        for (const key of Object.keys(DEFAULT_AUDIT_COLUMN_MAP)) {
+            const mapped = value[key];
+            if (typeof mapped === 'string' && mapped.length > 0) {
+                out.push(mapped);
+            } else {
+                out.push(DEFAULT_AUDIT_COLUMN_MAP[key]);
+            }
+        }
+        return out;
+    }
+    return DEFAULT_AUDIT_COLUMNS.slice();
+}
+/**
+ * Resolve effective field list yang dipakai generator codegen:
+ * gabungan fieldName eksplisit di payload + audit columns yang akan
+ * di-inject runtime.
+ *
+ * Dipakai oleh schema validation untuk men-detect drift yang berasal
+ * dari implicit audit columns (kasus umum: auditColumns aktif tapi
+ * tabel database tidak punya kolom audit).
+ *
+ * @param {Object} payload - Processed payload object
+ * @returns {{ fields: string[], audit: string[], explicit: string[] }}
+ */
+function resolveEffectiveFieldList(payload) {
+    const explicit = Array.isArray(payload && payload.fieldName)
+        ? payload.fieldName.slice()
+        : [];
+    const audit = resolveAuditColumnNames(payload);
+    const merged = [];
+    const seen = new Set();
+    for (const f of explicit) {
+        if (!seen.has(f)) {
+            seen.add(f);
+            merged.push(f);
+        }
+    }
+    for (const f of audit) {
+        if (!seen.has(f)) {
+            seen.add(f);
+            merged.push(f);
+        }
+    }
+    return {
+        fields: merged,
+        audit,
+        explicit
+    };
+}
+/**
+ * Deteksi alignment kolom audit standar antara payload generator dan tabel
+ * database aktual. Helper ini dipakai oleh sync flow (payload-runner) dan
+ * initial generation untuk men-set `auditColumns: false` bila kolom audit
+ * tidak tersedia di database.
+ *
+ * Konvensi: kolom audit standar mengikuti DEFAULT_AUDIT_COLUMNS (snake_case).
+ * Match dilakukan exact lowercase; bila tabel pakai naming convention lain
+ * (mis. `CreatedAt`), audit detection akan miss.
+ *
+ * @param {string[]} dbColumns - Daftar nama kolom dari tabel database
+ * @returns {{
+ *   all: boolean,        // semua 4 kolom audit standar ada di database
+ *   partial: boolean,    // sebagian (1-3) kolom audit ada
+ *   none: boolean,       // tidak satupun kolom audit ada
+ *   present: string[],   // kolom audit yang ada di database
+ *   missing: string[]    // kolom audit yang tidak ada di database
+ * }}
+ */
+function detectAuditAlignment(dbColumns) {
+    const columns = Array.isArray(dbColumns) ? dbColumns : [];
+    const present = DEFAULT_AUDIT_COLUMNS.filter(col => columns.includes(col));
+    const missing = DEFAULT_AUDIT_COLUMNS.filter(col => !columns.includes(col));
+    return {
+        all: present.length === DEFAULT_AUDIT_COLUMNS.length,
+        partial: present.length > 0 && present.length < DEFAULT_AUDIT_COLUMNS.length,
+        none: present.length === 0,
+        present,
+        missing
+    };
+}
+/**
+ * Cek apakah konfigurasi `auditColumns` di payload memerlukan resolusi
+ * berdasarkan alignment dengan database. Dipakai sync flow untuk men-detect
+ * "audit-only drift" yang tidak ter-detect oleh comparator schema reguler.
+ *
+ * Aturan resolusi:
+ *   - `auditColumns: false`/`null` -> no-op (preserved)
+ *   - `auditColumns: { ... }` (object form) -> no auto-override (manual)
+ *   - `auditColumns: true` atau tidak di-set (default true) -> butuh resolusi
+ *     bila database tidak punya keempat kolom audit standar (none atau partial)
+ *
+ * @param {Object} payload - Processed payload object
+ * @param {ReturnType<typeof detectAuditAlignment>} auditAlignment
+ * @returns {boolean} true bila sync wajib regenerate untuk men-set false
+ */
+function needsAuditColumnResolution(payload, auditAlignment) {
+    if (!payload || !auditAlignment) return false;
+    const hasField = Object.prototype.hasOwnProperty.call(payload, 'auditColumns');
+    const value = hasField ? payload.auditColumns : undefined;
+    if (value === false || value === null) return false;
+    if (value && typeof value === 'object' && !Array.isArray(value)) return false;
+    return !auditAlignment.all;
+}
+module.exports = {
+    DEFAULT_AUDIT_COLUMN_MAP,
+    DEFAULT_AUDIT_COLUMNS,
+    isAuditColumnsEnabled,
+    resolveAuditColumnNames,
+    resolveEffectiveFieldList,
+    detectAuditAlignment,
+    needsAuditColumnResolution
+};

package/generators/lib/utils/cli-output.js CHANGED Viewed

@@ -67,6 +67,9 @@ class CliOutput {
       ? `${data.config.database} (force overwrite)`
       : data.config.database;
     out(`  Database     ${dbLine}`);
+    if (data.config.config) {
+      out(`  Config       ${data.config.config}`);
+    }
     out('');
     if (data.payload) {
@@ -79,6 +82,20 @@ class CliOutput {
       out('');
     }
+    if (data.schemaValidation) {
+      out('Schema Validation:');
+      if (data.schemaValidation.status === 'ok') {
+        const n = data.schemaValidation.columnsChecked || 0;
+        out(`  Status       OK (${n} column${n === 1 ? '' : 's'} match database)`);
+      } else if (data.schemaValidation.status === 'skipped') {
+        out('  Status       SKIPPED (--skip-schema-check)');
+        if (data.schemaValidation.reason) {
+          out(`  Reason       ${data.schemaValidation.reason}`);
+        }
+      }
+      out('');
+    }
     if (data.archive && data.archive.count > 0) {
       out('Archive (force):');
       out(`  Generation ${data.archive.generation} - ${data.archive.count} file(s) archived`);

package/generators/lib/utils/database-introspector.js CHANGED Viewed

@@ -242,22 +242,25 @@ class DatabaseIntrospector {
   }
   /**
-   * Close database connection
+   * Close database connection. Idempotent — panggilan kedua jadi no-op
+   * setelah `this.pool` di-null-kan. Ini mencegah pesan "Database connection
+   * closed" muncul dua kali ketika caller punya cleanup ganda (mis. cleanup
+   * eksplisit + cleanup di catch block).
    */
   async close() {
-    if (this.pool) {
-      try {
-        if (this.dbType === 'oracle') {
-          await this.pool.close(0);
-        } else {
-          await this.pool.end();
-        }
-      } catch (e) {
-        // ignore close errors
-      }
-      if (!this.quiet) {
-        console.log('Database connection closed');
+    if (!this.pool) return;
+    try {
+      if (this.dbType === 'oracle') {
+        await this.pool.close(0);
+      } else {
+        await this.pool.end();
       }
+    } catch (e) {
+      // ignore close errors
+    }
+    this.pool = null;
+    if (!this.quiet) {
+      console.log('Database connection closed');
     }
   }

package/generators/lib/utils/env-manager.js CHANGED Viewed

@@ -302,6 +302,12 @@ function backupEnvFile(filePath) {
     fs.copyFileSync(filePath, backupPath);
+    // Restrict permission ke owner-only karena .env mengandung credentials
+    // (LICENSE, KEY, DB_PASSWORD). No-op pada Windows yang pakai ACL.
+    if (process.platform !== 'win32') {
+        fs.chmodSync(backupPath, 0o600);
+    }
     return backupPath;
 }

package/generators/lib/utils/path-validator.js ADDED Viewed

@@ -0,0 +1,71 @@
+'use strict';
+/**
+ * Path Validator Utility
+ *
+ * Utility validasi path-aware untuk CLI handler yang menerima input path-like.
+ * Mencegah path traversal via `..` atau absolute path keluar dari working directory.
+ *
+ * Phase 02 dari Security Hardening v1 (Temuan B3).
+ *
+ * @module lib/utils/path-validator
+ */
+const path = require('node:path');
+const SAFE_NAME_REGEX = /^[a-zA-Z0-9_-]+$/;
+/**
+ * Validate nama folder/file/module yang aman digunakan sebagai path component.
+ * Hanya memperbolehkan alphanumeric, dash, dan underscore.
+ *
+ * @param {string} value - Input value dari CLI argument
+ * @param {string} fieldName - Nama field untuk konteks error message
+ * @returns {string} value yang sudah divalidasi (untuk chaining)
+ * @throws {Error} jika value tidak valid (non-string, kosong, atau mengandung
+ *                karakter di luar whitelist)
+ */
+function validateSafeName(value, fieldName) {
+    if (typeof value !== 'string' || value.length === 0) {
+        throw new Error(`${fieldName} must be a non-empty string`);
+    }
+    if (!SAFE_NAME_REGEX.test(value)) {
+        throw new Error(
+            `${fieldName} must contain only alphanumeric, dash, or underscore characters. ` +
+            `Got: ${JSON.stringify(value)}`
+        );
+    }
+    return value;
+}
+/**
+ * Validate bahwa resolved targetPath berada di dalam baseDir.
+ * Mencegah path traversal via `..` atau absolute path keluar.
+ *
+ * @param {string} targetPath - Path target (boleh relative atau absolute)
+ * @param {string} baseDir - Base directory yang harus mengandung targetPath
+ * @returns {string} resolved absolute path
+ * @throws {Error} jika resolved path escape dari baseDir
+ */
+function validatePathWithinBase(targetPath, baseDir) {
+    if (typeof targetPath !== 'string' || targetPath.length === 0) {
+        throw new Error('targetPath must be a non-empty string');
+    }
+    if (typeof baseDir !== 'string' || baseDir.length === 0) {
+        throw new Error('baseDir must be a non-empty string');
+    }
+    const baseResolved = path.resolve(baseDir);
+    const resolved = path.isAbsolute(targetPath)
+        ? path.resolve(targetPath)
+        : path.resolve(baseResolved, targetPath);
+    if (resolved !== baseResolved && !resolved.startsWith(baseResolved + path.sep)) {
+        throw new Error(
+            `Path "${targetPath}" escapes from base directory ${baseDir}`
+        );
+    }
+    return resolved;
+}
+module.exports = { validateSafeName, validatePathWithinBase };

package/generators/lib/validators/payload-validator.js CHANGED Viewed

@@ -263,7 +263,6 @@ class PayloadValidator {
     if (payload.fieldProtection !== undefined) {
       throw new Error(
         `'fieldProtection' in ${fileName} has been replaced by 'fieldPolicy'. ` +
-        `See docs/todo/todo-fieldpolicy-extension.md for migration. ` +
         `Example: { "fieldPolicy": { "${Object.keys(payload.fieldProtection)[0] || 'columnName'}": { "strategies": ["lock", "audit"] } } }`
       );
     }
@@ -468,7 +467,7 @@ class PayloadValidator {
         if (PHASE2_STRATEGIES.includes(strategy)) {
           throw new Error(
-            `fieldPolicy.${columnName}.strategies includes '${strategy}' which is planned for Phase 2 of fieldPolicy roadmap (docs/todo/todo-fieldpolicy-extension.md). Currently only 'lock' and 'audit' are supported.`
+            `fieldPolicy.${columnName}.strategies includes '${strategy}' which is planned for Phase 2 of fieldPolicy roadmap. Currently only 'lock' and 'audit' are supported.`
           );
         }

package/integrity-manifest.json CHANGED Viewed

@@ -1,19 +1,37 @@
 {
-  "version": "4.1.1",
-  "generated": "2026-05-19T01:38:06.824Z",
+  "version": "4.3.1",
+  "generated": "2026-05-23T07:28:02.234Z",
   "generator": "restforge-build-system",
   "algorithm": "sha256",
   "files": {
-    "server.js": "2bf1e25e7af33bb70dd0f3d5f3f970ed2f5d227c6c5534b4dfe5cb294d59b2f5",
-    "src/utils/license-client.js": "976511ab72f356595bf1399a50480d340b556f9bce4b71058b90b10d6bd8e793",
-    "src/utils/trusted-keys.js": "faf93514b43a83650c950c05aca6e42ed64c19fbeb7e3c84e93c509de84bd2c0",
-    "cli/consumer.js": "e2a5055652cee82d32b6873e21469bc07784a490d125ec7e64171ba06ad31397",
-    "src/utils/security-checks.js": "1748b39715ff5c1047a730d1e62a22151b38eedc0f48bbd33b1ab4f0ff592d34",
-    "scripts/verify-integrity.js": "3e891f9baa234362ebcee8d1048fe7bac3221a026c2918cf0e154e5ea3444c87"
+    "server.js": "2ef2e146c66d74df2413398fa86944396ca20c310606237d2819eea504a3692c",
+    "src/utils/license-client.js": "5842a6fefa0ef4035cbd7ec1cac2ba65a6918e7faa1afa38812b2bb6e5be93b0",
+    "src/utils/trusted-keys.js": "2440fca5a73a633d9b37a2df2e740a8a00e131ecbabb05700cb6969cdf868da1",
+    "cli/consumer.js": "fcadb7f7c5b4c09c328ffb1ae882df823f5046d1a0c9ec61d25142bcca262663",
+    "src/utils/security-checks.js": "ca6d75ee3c20051f4931bd28d2ab12f0f5892e8d74e223bdac3038731979f557",
+    "scripts/verify-integrity.js": "bcd4ab356a196676235ffc81ab086b6fa7204e2720549f58006054f8cf7aafd3",
+    "bin/restforge-hwinfo-linux": "d9a0071b0acf58a020e738a29837de356f531a5a84d363a2adc50563e3874b8f",
+    "bin/restforge-hwinfo-darwin": "d35b15d4e6d7bbdd8317490335ba9602ce5c218519898fa3eabe18cc9c5bb1b6",
+    "bin/restforge-hwinfo.exe": "351fa4d33459d30de804ee78deb5eb977b77b688fe1b7b461cdaa214a82f145e",
+    "generators/lib/templates/mysql-template.js": "f0328973fb28dd1d01f314e1328d817aed4fde9243f8c9896f950cb57a3fcffb",
+    "generators/lib/templates/oracle-template.js": "58f3a1cff3fbcffc39ae6cacb72a6c88a8434e8c33b8ae7463806095c84cf1b3",
+    "generators/lib/templates/postgres-template.js": "d339fd5f0ce260233e3c80831a637dd8d27e4f4ca72aa39a3cd6946f4bd9886e",
+    "generators/lib/templates/sqlite-template.js": "778b0e44514694e3e1a4e0a4ce5d9b6bb2e4f716e4769331a723dd9ad0b250e4",
+    "generators/lib/templates/dashboard-catalog.js": "7ab933e347c60eff7359ca621cd3f40d493641bcb25870d4150a9dbf740c2105",
+    "generators/lib/templates/dbschema-catalog.js": "779388a04c512ec24f8f7822b4d8feb3c20ad8d70787a3dc3478ece1df823daf",
+    "generators/lib/templates/field-validation-catalog.js": "85f925cfe158ce6c00f98dcecbcdf7c45971c5ec64d694b7707f784bdd1a650c",
+    "generators/lib/templates/query-declarative-catalog.js": "d60fb26d9336e0aa2913d94d14b79a0934ed8cc848013bbd6d77a5cdda32bf9f",
+    "generators/lib/templates/db-connection-env.js": "85cd3f5b68121294b32fc706b4578ba7581e1e1f8399eee2e656ab1dadb5adcf"
   },
   "stats": {
-    "totalFiles": 6,
-    "protectedFiles": 6,
+    "totalFiles": 18,
+    "protectedFiles": 18,
     "missingFiles": 0
+  },
+  "signature": {
+    "algorithm": "ed25519",
+    "keyId": "rfs-manifest-2026-05",
+    "value": "340f2df9ae9c75e0c51cee4be5dd7ac0ccc4a3daedc2fa732a24bbe9b4d3e35d7215358ca313d5dcbdd03b08bdd6242ed7e9f701907aad2fb2f91acf9cb92009",
+    "scope": "canonical-json(manifest-without-signature)"
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@restforgejs/platform",
-  "version": "4.1.1",
+  "version": "4.3.1",
   "description": "RESTForge Platform — Schema-driven backend framework and code generator for full-stack Node.js applications. Generates production backend APIs with multi-database support (PostgreSQL, MySQL, Oracle). A platform builder and backend runtime, not an API testing or client tool.",
   "main": "server.js",
   "bin": {
@@ -34,10 +34,18 @@
     "server.js",
     "cli/",
     "src/",
-    "scripts/",
+    "scripts/check-install.js",
+    "scripts/verify-integrity.js",
     "config/",
     "bin/",
-    "generators/",
+    "generators/cli-entry.js",
+    "generators/cli/",
+    "generators/lib/",
+    "generators/assets/",
+    "generators/payload/",
+    "generators/sync-version.js",
+    "generators/src/",
+    "generators/examples/",
     "integrity-manifest.json",
     "README.md",
     "LICENSE.md",