@rocicorp/zero 0.25.0-canary.8 → 0.25.0-canary.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/out/shared/src/deep-merge.d.ts +20 -3
- package/out/shared/src/deep-merge.d.ts.map +1 -1
- package/out/shared/src/deep-merge.js +27 -0
- package/out/shared/src/deep-merge.js.map +1 -0
- package/out/shared/src/logging.d.ts.map +1 -1
- package/out/shared/src/logging.js +25 -9
- package/out/shared/src/logging.js.map +1 -1
- package/out/shared/src/object-traversal.d.ts +19 -0
- package/out/shared/src/object-traversal.d.ts.map +1 -0
- package/out/shared/src/object-traversal.js +27 -0
- package/out/shared/src/object-traversal.js.map +1 -0
- package/out/zero/package.json.js +1 -1
- package/out/zero/src/pg.js +0 -2
- package/out/zero/src/pg.js.map +1 -1
- package/out/zero/src/server.js +0 -2
- package/out/zero/src/server.js.map +1 -1
- package/out/zero/src/zero.js +19 -3
- package/out/zero/src/zero.js.map +1 -1
- package/out/zero-cache/src/auth/jwt.d.ts +3 -0
- package/out/zero-cache/src/auth/jwt.d.ts.map +1 -1
- package/out/zero-cache/src/auth/jwt.js.map +1 -1
- package/out/zero-cache/src/auth/write-authorizer.d.ts +2 -1
- package/out/zero-cache/src/auth/write-authorizer.d.ts.map +1 -1
- package/out/zero-cache/src/auth/write-authorizer.js +1 -11
- package/out/zero-cache/src/auth/write-authorizer.js.map +1 -1
- package/out/zero-cache/src/config/zero-config.d.ts +27 -0
- package/out/zero-cache/src/config/zero-config.d.ts.map +1 -1
- package/out/zero-cache/src/config/zero-config.js +35 -7
- package/out/zero-cache/src/config/zero-config.js.map +1 -1
- package/out/zero-cache/src/custom/fetch.d.ts +5 -5
- package/out/zero-cache/src/custom/fetch.d.ts.map +1 -1
- package/out/zero-cache/src/custom/fetch.js +14 -11
- package/out/zero-cache/src/custom/fetch.js.map +1 -1
- package/out/zero-cache/src/custom-queries/transform-query.d.ts.map +1 -1
- package/out/zero-cache/src/custom-queries/transform-query.js +2 -4
- package/out/zero-cache/src/custom-queries/transform-query.js.map +1 -1
- package/out/zero-cache/src/db/specs.d.ts +1 -1
- package/out/zero-cache/src/server/change-streamer.d.ts.map +1 -1
- package/out/zero-cache/src/server/change-streamer.js +9 -9
- package/out/zero-cache/src/server/change-streamer.js.map +1 -1
- package/out/zero-cache/src/server/syncer.d.ts.map +1 -1
- package/out/zero-cache/src/server/syncer.js +20 -8
- package/out/zero-cache/src/server/syncer.js.map +1 -1
- package/out/zero-cache/src/services/analyze.d.ts +1 -1
- package/out/zero-cache/src/services/analyze.d.ts.map +1 -1
- package/out/zero-cache/src/services/analyze.js +10 -1
- package/out/zero-cache/src/services/analyze.js.map +1 -1
- package/out/zero-cache/src/services/change-source/pg/schema/ddl.d.ts +5 -5
- package/out/zero-cache/src/services/change-source/pg/schema/published.d.ts +2 -2
- package/out/zero-cache/src/services/change-source/pg/schema/shard.d.ts +1 -1
- package/out/zero-cache/src/services/change-streamer/change-streamer-http.d.ts +11 -2
- package/out/zero-cache/src/services/change-streamer/change-streamer-http.d.ts.map +1 -1
- package/out/zero-cache/src/services/change-streamer/change-streamer-http.js +36 -0
- package/out/zero-cache/src/services/change-streamer/change-streamer-http.js.map +1 -1
- package/out/zero-cache/src/services/http-service.d.ts +5 -4
- package/out/zero-cache/src/services/http-service.d.ts.map +1 -1
- package/out/zero-cache/src/services/http-service.js +15 -10
- package/out/zero-cache/src/services/http-service.js.map +1 -1
- package/out/zero-cache/src/services/mutagen/mutagen.d.ts +2 -1
- package/out/zero-cache/src/services/mutagen/mutagen.d.ts.map +1 -1
- package/out/zero-cache/src/services/mutagen/mutagen.js +3 -2
- package/out/zero-cache/src/services/mutagen/mutagen.js.map +1 -1
- package/out/zero-cache/src/services/mutagen/pusher.d.ts +198 -0
- package/out/zero-cache/src/services/mutagen/pusher.d.ts.map +1 -1
- package/out/zero-cache/src/services/mutagen/pusher.js +5 -5
- package/out/zero-cache/src/services/mutagen/pusher.js.map +1 -1
- package/out/zero-cache/src/services/run-ast.d.ts +4 -0
- package/out/zero-cache/src/services/run-ast.d.ts.map +1 -1
- package/out/zero-cache/src/services/run-ast.js +8 -1
- package/out/zero-cache/src/services/run-ast.js.map +1 -1
- package/out/zero-cache/src/services/view-syncer/inspect-handler.d.ts.map +1 -1
- package/out/zero-cache/src/services/view-syncer/inspect-handler.js +2 -1
- package/out/zero-cache/src/services/view-syncer/inspect-handler.js.map +1 -1
- package/out/zero-cache/src/services/view-syncer/pipeline-driver.d.ts.map +1 -1
- package/out/zero-cache/src/services/view-syncer/pipeline-driver.js +15 -8
- package/out/zero-cache/src/services/view-syncer/pipeline-driver.js.map +1 -1
- package/out/zero-cache/src/services/view-syncer/schema/types.d.ts +4 -4
- package/out/zero-cache/src/services/view-syncer/view-syncer.d.ts.map +1 -1
- package/out/zero-cache/src/services/view-syncer/view-syncer.js +48 -25
- package/out/zero-cache/src/services/view-syncer/view-syncer.js.map +1 -1
- package/out/zero-cache/src/workers/connection.js +20 -15
- package/out/zero-cache/src/workers/connection.js.map +1 -1
- package/out/zero-cache/src/workers/syncer.d.ts.map +1 -1
- package/out/zero-cache/src/workers/syncer.js +3 -3
- package/out/zero-cache/src/workers/syncer.js.map +1 -1
- package/out/zero-client/src/client/bindings.d.ts +4 -4
- package/out/zero-client/src/client/bindings.d.ts.map +1 -1
- package/out/zero-client/src/client/bindings.js.map +1 -1
- package/out/zero-client/src/client/connection.d.ts +1 -1
- package/out/zero-client/src/client/connection.d.ts.map +1 -1
- package/out/zero-client/src/client/connection.js +1 -1
- package/out/zero-client/src/client/connection.js.map +1 -1
- package/out/zero-client/src/client/crud.d.ts +7 -5
- package/out/zero-client/src/client/crud.d.ts.map +1 -1
- package/out/zero-client/src/client/crud.js +7 -7
- package/out/zero-client/src/client/crud.js.map +1 -1
- package/out/zero-client/src/client/custom.d.ts +7 -5
- package/out/zero-client/src/client/custom.d.ts.map +1 -1
- package/out/zero-client/src/client/custom.js +12 -7
- package/out/zero-client/src/client/custom.js.map +1 -1
- package/out/zero-client/src/client/inspector/inspector.d.ts +5 -1
- package/out/zero-client/src/client/inspector/inspector.d.ts.map +1 -1
- package/out/zero-client/src/client/inspector/inspector.js +7 -0
- package/out/zero-client/src/client/inspector/inspector.js.map +1 -1
- package/out/zero-client/src/client/inspector/lazy-inspector.d.ts.map +1 -1
- package/out/zero-client/src/client/inspector/lazy-inspector.js +13 -13
- package/out/zero-client/src/client/inspector/lazy-inspector.js.map +1 -1
- package/out/zero-client/src/client/make-mutate-property.d.ts +43 -0
- package/out/zero-client/src/client/make-mutate-property.d.ts.map +1 -0
- package/out/zero-client/src/client/make-mutate-property.js +38 -0
- package/out/zero-client/src/client/make-mutate-property.js.map +1 -0
- package/out/zero-client/src/client/make-replicache-mutators.d.ts +34 -0
- package/out/zero-client/src/client/make-replicache-mutators.d.ts.map +1 -0
- package/out/zero-client/src/client/make-replicache-mutators.js +103 -0
- package/out/zero-client/src/client/make-replicache-mutators.js.map +1 -0
- package/out/zero-client/src/client/options.d.ts +39 -27
- package/out/zero-client/src/client/options.d.ts.map +1 -1
- package/out/zero-client/src/client/options.js.map +1 -1
- package/out/zero-client/src/client/version.js +1 -1
- package/out/zero-client/src/client/zero.d.ts +23 -33
- package/out/zero-client/src/client/zero.d.ts.map +1 -1
- package/out/zero-client/src/client/zero.js +52 -118
- package/out/zero-client/src/client/zero.js.map +1 -1
- package/out/zero-client/src/mod.d.ts +12 -7
- package/out/zero-client/src/mod.d.ts.map +1 -1
- package/out/zero-protocol/src/analyze-query-result.d.ts +236 -0
- package/out/zero-protocol/src/analyze-query-result.d.ts.map +1 -1
- package/out/zero-protocol/src/analyze-query-result.js +128 -2
- package/out/zero-protocol/src/analyze-query-result.js.map +1 -1
- package/out/zero-protocol/src/ast.d.ts +1 -1
- package/out/zero-protocol/src/connect.d.ts.map +1 -1
- package/out/zero-protocol/src/connect.js +4 -0
- package/out/zero-protocol/src/connect.js.map +1 -1
- package/out/zero-protocol/src/custom-queries.d.ts +1 -1
- package/out/zero-protocol/src/down.d.ts +99 -0
- package/out/zero-protocol/src/down.d.ts.map +1 -1
- package/out/zero-protocol/src/error.d.ts +4 -4
- package/out/zero-protocol/src/inspect-down.d.ts +297 -0
- package/out/zero-protocol/src/inspect-down.d.ts.map +1 -1
- package/out/zero-protocol/src/inspect-up.d.ts +4 -0
- package/out/zero-protocol/src/inspect-up.d.ts.map +1 -1
- package/out/zero-protocol/src/inspect-up.js +2 -1
- package/out/zero-protocol/src/inspect-up.js.map +1 -1
- package/out/zero-protocol/src/protocol-version.d.ts +1 -1
- package/out/zero-protocol/src/protocol-version.d.ts.map +1 -1
- package/out/zero-protocol/src/protocol-version.js +1 -1
- package/out/zero-protocol/src/protocol-version.js.map +1 -1
- package/out/zero-protocol/src/push.d.ts +1 -1
- package/out/zero-protocol/src/up.d.ts +1 -0
- package/out/zero-protocol/src/up.d.ts.map +1 -1
- package/out/zero-react/src/components/inspector.d.ts +3 -2
- package/out/zero-react/src/components/inspector.d.ts.map +1 -1
- package/out/zero-react/src/components/inspector.js.map +1 -1
- package/out/zero-react/src/components/zero-inspector.d.ts +3 -2
- package/out/zero-react/src/components/zero-inspector.d.ts.map +1 -1
- package/out/zero-react/src/components/zero-inspector.js.map +1 -1
- package/out/zero-react/src/use-query.d.ts +5 -4
- package/out/zero-react/src/use-query.d.ts.map +1 -1
- package/out/zero-react/src/use-query.js +4 -3
- package/out/zero-react/src/use-query.js.map +1 -1
- package/out/zero-react/src/zero-provider.d.ts +7 -7
- package/out/zero-react/src/zero-provider.d.ts.map +1 -1
- package/out/zero-react/src/zero-provider.js.map +1 -1
- package/out/zero-schema/src/builder/schema-builder.js +1 -1
- package/out/zero-schema/src/builder/schema-builder.js.map +1 -1
- package/out/zero-server/src/custom.d.ts +4 -5
- package/out/zero-server/src/custom.d.ts.map +1 -1
- package/out/zero-server/src/custom.js.map +1 -1
- package/out/zero-server/src/mod.d.ts +0 -1
- package/out/zero-server/src/mod.d.ts.map +1 -1
- package/out/zero-server/src/process-mutations.d.ts +9 -14
- package/out/zero-server/src/process-mutations.d.ts.map +1 -1
- package/out/zero-server/src/process-mutations.js +151 -105
- package/out/zero-server/src/process-mutations.js.map +1 -1
- package/out/zero-server/src/push-processor.d.ts +5 -3
- package/out/zero-server/src/push-processor.d.ts.map +1 -1
- package/out/zero-server/src/push-processor.js +17 -25
- package/out/zero-server/src/push-processor.js.map +1 -1
- package/out/zero-server/src/queries/process-queries.js +1 -1
- package/out/zero-server/src/queries/process-queries.js.map +1 -1
- package/out/zero-server/src/zql-database.d.ts.map +1 -1
- package/out/zero-server/src/zql-database.js +1 -1
- package/out/zero-server/src/zql-database.js.map +1 -1
- package/out/zero-solid/src/use-query.d.ts +3 -3
- package/out/zero-solid/src/use-query.d.ts.map +1 -1
- package/out/zero-solid/src/use-query.js +27 -38
- package/out/zero-solid/src/use-query.js.map +1 -1
- package/out/zero-solid/src/use-zero-connection-state.d.ts.map +1 -1
- package/out/zero-solid/src/use-zero-connection-state.js +7 -5
- package/out/zero-solid/src/use-zero-connection-state.js.map +1 -1
- package/out/zero-solid/src/use-zero-online.d.ts.map +1 -1
- package/out/zero-solid/src/use-zero-online.js +7 -5
- package/out/zero-solid/src/use-zero-online.js.map +1 -1
- package/out/zero-solid/src/use-zero.d.ts +6 -5
- package/out/zero-solid/src/use-zero.d.ts.map +1 -1
- package/out/zero-solid/src/use-zero.js +2 -6
- package/out/zero-solid/src/use-zero.js.map +1 -1
- package/out/zql/src/builder/builder.d.ts +2 -1
- package/out/zql/src/builder/builder.d.ts.map +1 -1
- package/out/zql/src/builder/builder.js +4 -3
- package/out/zql/src/builder/builder.js.map +1 -1
- package/out/zql/src/mutate/custom.d.ts +15 -6
- package/out/zql/src/mutate/custom.d.ts.map +1 -1
- package/out/zql/src/mutate/custom.js +6 -6
- package/out/zql/src/mutate/custom.js.map +1 -1
- package/out/zql/src/mutate/mutator-registry.d.ts +142 -0
- package/out/zql/src/mutate/mutator-registry.d.ts.map +1 -0
- package/out/zql/src/mutate/mutator-registry.js +97 -0
- package/out/zql/src/mutate/mutator-registry.js.map +1 -0
- package/out/zql/src/mutate/mutator.d.ts +98 -0
- package/out/zql/src/mutate/mutator.d.ts.map +1 -0
- package/out/zql/src/mutate/mutator.js +35 -0
- package/out/zql/src/mutate/mutator.js.map +1 -0
- package/out/zql/src/planner/planner-connection.d.ts +7 -15
- package/out/zql/src/planner/planner-connection.d.ts.map +1 -1
- package/out/zql/src/planner/planner-connection.js +30 -24
- package/out/zql/src/planner/planner-connection.js.map +1 -1
- package/out/zql/src/planner/planner-debug.d.ts +37 -43
- package/out/zql/src/planner/planner-debug.d.ts.map +1 -1
- package/out/zql/src/planner/planner-debug.js +242 -0
- package/out/zql/src/planner/planner-debug.js.map +1 -0
- package/out/zql/src/planner/planner-fan-in.d.ts.map +1 -1
- package/out/zql/src/planner/planner-fan-in.js +11 -8
- package/out/zql/src/planner/planner-fan-in.js.map +1 -1
- package/out/zql/src/planner/planner-fan-out.d.ts.map +1 -1
- package/out/zql/src/planner/planner-fan-out.js +11 -8
- package/out/zql/src/planner/planner-fan-out.js.map +1 -1
- package/out/zql/src/planner/planner-graph.d.ts.map +1 -1
- package/out/zql/src/planner/planner-graph.js +13 -5
- package/out/zql/src/planner/planner-graph.js.map +1 -1
- package/out/zql/src/planner/planner-join.d.ts.map +1 -1
- package/out/zql/src/planner/planner-join.js +12 -9
- package/out/zql/src/planner/planner-join.js.map +1 -1
- package/out/zql/src/planner/planner-node.d.ts +4 -0
- package/out/zql/src/planner/planner-node.d.ts.map +1 -1
- package/out/zql/src/planner/planner-node.js +8 -0
- package/out/zql/src/planner/planner-node.js.map +1 -0
- package/out/zql/src/query/create-builder.d.ts +7 -0
- package/out/zql/src/query/create-builder.d.ts.map +1 -0
- package/out/zql/src/query/create-builder.js +44 -0
- package/out/zql/src/query/create-builder.js.map +1 -0
- package/out/zql/src/query/named.d.ts +1 -7
- package/out/zql/src/query/named.d.ts.map +1 -1
- package/out/zql/src/query/named.js +0 -21
- package/out/zql/src/query/named.js.map +1 -1
- package/out/zql/src/query/query-impl.d.ts +4 -3
- package/out/zql/src/query/query-impl.d.ts.map +1 -1
- package/out/zql/src/query/query-impl.js +3 -0
- package/out/zql/src/query/query-impl.js.map +1 -1
- package/out/zql/src/query/query-internals.js +0 -4
- package/out/zql/src/query/query-internals.js.map +1 -1
- package/out/zql/src/query/query-registry.d.ts +253 -0
- package/out/zql/src/query/query-registry.d.ts.map +1 -0
- package/out/zql/src/query/query-registry.js +131 -0
- package/out/zql/src/query/query-registry.js.map +1 -0
- package/out/zql/src/query/query.d.ts +16 -1
- package/out/zql/src/query/query.d.ts.map +1 -1
- package/out/zql/src/query/schema-query.d.ts +6 -0
- package/out/zql/src/query/schema-query.d.ts.map +1 -0
- package/out/zql/src/query/validate-input.js +12 -13
- package/out/zql/src/query/validate-input.js.map +1 -1
- package/package.json +2 -1
- package/out/zero-server/src/query-registry.d.ts +0 -10
- package/out/zero-server/src/query-registry.d.ts.map +0 -1
- package/out/zero-server/src/query-registry.js +0 -35
- package/out/zero-server/src/query-registry.js.map +0 -1
- package/out/zql/src/query/define-query.d.ts +0 -75
- package/out/zql/src/query/define-query.d.ts.map +0 -1
- package/out/zql/src/query/define-query.js +0 -47
- package/out/zql/src/query/define-query.js.map +0 -1
- package/out/zql/src/query/query-definitions.d.ts +0 -32
- package/out/zql/src/query/query-definitions.d.ts.map +0 -1
|
@@ -1,9 +1,26 @@
|
|
|
1
|
-
type IsPlainObject<T> = T extends object ? T extends Function | unknown[] ? false : true : false;
|
|
2
1
|
type Simplify<T> = {
|
|
3
2
|
[K in keyof T]: T[K];
|
|
4
3
|
} & {};
|
|
5
|
-
|
|
6
|
-
|
|
4
|
+
type IsPlainObject<T> = T extends object ? T extends Function | readonly unknown[] ? false : true : false;
|
|
5
|
+
type MergeValue<A, B> = IsPlainObject<A> extends true ? IsPlainObject<B> extends true ? DeepMerge<A & {}, B & {}> : B : B;
|
|
6
|
+
/**
|
|
7
|
+
* Type-level deep merge of two object types. Properties from B override
|
|
8
|
+
* properties from A. When both A[K] and B[K] are objects (not arrays or
|
|
9
|
+
* functions), they are recursively merged.
|
|
10
|
+
*/
|
|
11
|
+
export type DeepMerge<A, B> = Simplify<Omit<A, keyof B> & {
|
|
12
|
+
[K in keyof B]: K extends keyof A ? MergeValue<A[K], B[K]> : B[K];
|
|
7
13
|
}>;
|
|
14
|
+
/**
|
|
15
|
+
* Deep merges two objects. Properties from `b` override properties from `a`.
|
|
16
|
+
* Nested objects are recursively merged.
|
|
17
|
+
*
|
|
18
|
+
* @param a - The base object.
|
|
19
|
+
* @param b - The object to merge into `a`.
|
|
20
|
+
* @param isLeaf - Optional predicate to determine if a value should be treated
|
|
21
|
+
* as a leaf (not recursed into). Defaults to checking if the value is not a
|
|
22
|
+
* plain object.
|
|
23
|
+
*/
|
|
24
|
+
export declare function deepMerge<A extends Record<string, unknown>, B extends Record<string, unknown>>(a: A, b: B, isLeaf?: (value: unknown) => boolean): DeepMerge<A, B>;
|
|
8
25
|
export {};
|
|
9
26
|
//# sourceMappingURL=deep-merge.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deep-merge.d.ts","sourceRoot":"","sources":["../../../../shared/src/deep-merge.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"deep-merge.d.ts","sourceRoot":"","sources":["../../../../shared/src/deep-merge.ts"],"names":[],"mappings":"AACA,KAAK,QAAQ,CAAC,CAAC,IAAI;KAAE,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAAC,GAAG,EAAE,CAAC;AAG/C,KAAK,aAAa,CAAC,CAAC,IAAI,CAAC,SAAS,MAAM,GACpC,CAAC,SAAS,QAAQ,GAAG,SAAS,OAAO,EAAE,GACrC,KAAK,GACL,IAAI,GACN,KAAK,CAAC;AAGV,KAAK,UAAU,CAAC,CAAC,EAAE,CAAC,IAClB,aAAa,CAAC,CAAC,CAAC,SAAS,IAAI,GACzB,aAAa,CAAC,CAAC,CAAC,SAAS,IAAI,GAC3B,SAAS,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,GACzB,CAAC,GACH,CAAC,CAAC;AAER;;;;GAIG;AACH,MAAM,MAAM,SAAS,CAAC,CAAC,EAAE,CAAC,IAAI,QAAQ,CACpC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,GAAG;KAChB,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,SAAS,MAAM,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAClE,CACF,CAAC;AAMF;;;;;;;;;GASG;AACH,wBAAgB,SAAS,CACvB,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAEjC,CAAC,EAAE,CAAC,EACJ,CAAC,EAAE,CAAC,EACJ,MAAM,GAAE,CAAC,KAAK,EAAE,OAAO,KAAK,OAAgC,GAC3D,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAyBjB"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
function isPlainObject(value) {
|
|
2
|
+
return typeof value === "object" && value !== null;
|
|
3
|
+
}
|
|
4
|
+
function deepMerge(a, b, isLeaf = (v) => !isPlainObject(v)) {
|
|
5
|
+
const result = {};
|
|
6
|
+
for (const key of Object.keys(a)) {
|
|
7
|
+
result[key] = a[key];
|
|
8
|
+
}
|
|
9
|
+
for (const key of Object.keys(b)) {
|
|
10
|
+
const aVal = a[key];
|
|
11
|
+
const bVal = b[key];
|
|
12
|
+
if (key in a && !isLeaf(aVal) && !isLeaf(bVal)) {
|
|
13
|
+
result[key] = deepMerge(
|
|
14
|
+
aVal,
|
|
15
|
+
bVal,
|
|
16
|
+
isLeaf
|
|
17
|
+
);
|
|
18
|
+
} else {
|
|
19
|
+
result[key] = bVal;
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
return result;
|
|
23
|
+
}
|
|
24
|
+
export {
|
|
25
|
+
deepMerge
|
|
26
|
+
};
|
|
27
|
+
//# sourceMappingURL=deep-merge.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"deep-merge.js","sources":["../../../../shared/src/deep-merge.ts"],"sourcesContent":["// Force TypeScript to evaluate/flatten a type\ntype Simplify<T> = {[K in keyof T]: T[K]} & {};\n\n// Helper to check if T is a plain object (not array or function)\ntype IsPlainObject<T> = T extends object\n ? T extends Function | readonly unknown[]\n ? false\n : true\n : false;\n\n// Merge when both are plain objects, otherwise B wins\ntype MergeValue<A, B> =\n IsPlainObject<A> extends true\n ? IsPlainObject<B> extends true\n ? DeepMerge<A & {}, B & {}>\n : B\n : B;\n\n/**\n * Type-level deep merge of two object types. Properties from B override\n * properties from A. When both A[K] and B[K] are objects (not arrays or\n * functions), they are recursively merged.\n */\nexport type DeepMerge<A, B> = Simplify<\n Omit<A, keyof B> & {\n [K in keyof B]: K extends keyof A ? MergeValue<A[K], B[K]> : B[K];\n }\n>;\n\nfunction isPlainObject(value: unknown): value is Record<string, unknown> {\n return typeof value === 'object' && value !== null;\n}\n\n/**\n * Deep merges two objects. Properties from `b` override properties from `a`.\n * Nested objects are recursively merged.\n *\n * @param a - The base object.\n * @param b - The object to merge into `a`.\n * @param isLeaf - Optional predicate to determine if a value should be treated\n * as a leaf (not recursed into). Defaults to checking if the value is not a\n * plain object.\n */\nexport function deepMerge<\n A extends Record<string, unknown>,\n B extends Record<string, unknown>,\n>(\n a: A,\n b: B,\n isLeaf: (value: unknown) => boolean = v => !isPlainObject(v),\n): DeepMerge<A, B> {\n const result: Record<string, unknown> = {};\n\n // Copy all keys from a\n for (const key of Object.keys(a)) {\n result[key] = a[key];\n }\n\n // Merge/override with keys from b\n for (const key of Object.keys(b)) {\n const aVal = a[key];\n const bVal = b[key];\n\n if (key in a && !isLeaf(aVal) && !isLeaf(bVal)) {\n result[key] = deepMerge(\n aVal as Record<string, unknown>,\n bVal as Record<string, unknown>,\n isLeaf,\n );\n } else {\n result[key] = bVal;\n }\n }\n\n return result as DeepMerge<A, B>;\n}\n"],"names":[],"mappings":"AA6BA,SAAS,cAAc,OAAkD;AACvE,SAAO,OAAO,UAAU,YAAY,UAAU;AAChD;AAYO,SAAS,UAId,GACA,GACA,SAAsC,OAAK,CAAC,cAAc,CAAC,GAC1C;AACjB,QAAM,SAAkC,CAAA;AAGxC,aAAW,OAAO,OAAO,KAAK,CAAC,GAAG;AAChC,WAAO,GAAG,IAAI,EAAE,GAAG;AAAA,EACrB;AAGA,aAAW,OAAO,OAAO,KAAK,CAAC,GAAG;AAChC,UAAM,OAAO,EAAE,GAAG;AAClB,UAAM,OAAO,EAAE,GAAG;AAElB,QAAI,OAAO,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,IAAI,GAAG;AAC9C,aAAO,GAAG,IAAI;AAAA,QACZ;AAAA,QACA;AAAA,QACA;AAAA,MAAA;AAAA,IAEJ,OAAO;AACL,aAAO,GAAG,IAAI;AAAA,IAChB;AAAA,EACF;AAEA,SAAO;AACT;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logging.d.ts","sourceRoot":"","sources":["../../../../shared/src/logging.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,UAAU,EACV,KAAK,QAAQ,EACb,KAAK,OAAO,EACb,MAAM,kBAAkB,CAAC;AAK1B,MAAM,MAAM,SAAS,GAAG;IACtB,KAAK,EAAE,QAAQ,CAAC;IAChB,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CACzB,CAAC;AAQF;;;GAGG;AACH,eAAO,MAAM,YAAY;mBACR,OAAO,EAAE;qBAGP,OAAO,EAAE;oBAGV,OAAO,EAAE;oBAGT,OAAO,EAAE;qBAGR,OAAO,EAAE;CAG3B,CAAC;AAEF,eAAO,MAAM,WAAW,EAAE,
|
|
1
|
+
{"version":3,"file":"logging.d.ts","sourceRoot":"","sources":["../../../../shared/src/logging.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,UAAU,EACV,KAAK,QAAQ,EACb,KAAK,OAAO,EACb,MAAM,kBAAkB,CAAC;AAK1B,MAAM,MAAM,SAAS,GAAG;IACtB,KAAK,EAAE,QAAQ,CAAC;IAChB,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CACzB,CAAC;AAQF;;;GAGG;AACH,eAAO,MAAM,YAAY;mBACR,OAAO,EAAE;qBAGP,OAAO,EAAE;oBAGV,OAAO,EAAE;oBAGT,OAAO,EAAE;qBAGR,OAAO,EAAE;CAG3B,CAAC;AAEF,eAAO,MAAM,WAAW,EAAE,OAQzB,CAAC;AA4BF,wBAAgB,UAAU,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAErD;AAED,wBAAgB,gBAAgB,CAC9B,EAAC,GAAG,EAAC,EAAE;IAAC,GAAG,EAAE,SAAS,CAAA;CAAC,EACvB,OAAO,KAAK,EACZ,IAAI,sDAAkB,GACrB,UAAU,CAOZ;AA0BD,wBAAgB,aAAa,CAAC,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAQ5D"}
|
|
@@ -26,9 +26,19 @@ const colorConsole = {
|
|
|
26
26
|
};
|
|
27
27
|
const consoleSink = {
|
|
28
28
|
log(level, context, ...args) {
|
|
29
|
-
colorConsole[level](
|
|
29
|
+
colorConsole[level](
|
|
30
|
+
toLocalIsoString(),
|
|
31
|
+
stringifyContext(context),
|
|
32
|
+
...args.map(stringifyValue)
|
|
33
|
+
);
|
|
30
34
|
}
|
|
31
35
|
};
|
|
36
|
+
function toLocalIsoString(date = /* @__PURE__ */ new Date()) {
|
|
37
|
+
const tzo = -date.getTimezoneOffset();
|
|
38
|
+
const sign = tzo >= 0 ? "+" : "-";
|
|
39
|
+
const pad = (n, len = 2) => String(Math.abs(n)).padStart(len, "0");
|
|
40
|
+
return date.getFullYear() + "-" + pad(date.getMonth() + 1) + "-" + pad(date.getDate()) + "T" + pad(date.getHours()) + ":" + pad(date.getMinutes()) + ":" + pad(date.getSeconds()) + "." + pad(date.getMilliseconds(), 3) + sign + pad(tzo / 60) + ":" + pad(tzo % 60);
|
|
41
|
+
}
|
|
32
42
|
function getLogSink(config) {
|
|
33
43
|
return config.format === "json" ? consoleJsonLogSink : consoleSink;
|
|
34
44
|
}
|
|
@@ -59,20 +69,23 @@ const consoleJsonLogSink = {
|
|
|
59
69
|
};
|
|
60
70
|
function errorOrObject(v) {
|
|
61
71
|
if (v instanceof Error) {
|
|
62
|
-
return
|
|
63
|
-
...v,
|
|
64
|
-
// some properties of Error subclasses may be enumerable
|
|
65
|
-
name: v.name,
|
|
66
|
-
errorMsg: v.message,
|
|
67
|
-
stack: v.stack,
|
|
68
|
-
..."cause" in v ? { cause: errorOrObject(v.cause) } : null
|
|
69
|
-
};
|
|
72
|
+
return toErrorLogObject(v);
|
|
70
73
|
}
|
|
71
74
|
if (v && typeof v === "object") {
|
|
72
75
|
return v;
|
|
73
76
|
}
|
|
74
77
|
return void 0;
|
|
75
78
|
}
|
|
79
|
+
function toErrorLogObject(v) {
|
|
80
|
+
return {
|
|
81
|
+
...v,
|
|
82
|
+
// some properties of Error subclasses may be enumerable
|
|
83
|
+
name: v.name,
|
|
84
|
+
errorMsg: v.message,
|
|
85
|
+
stack: v.stack,
|
|
86
|
+
..."cause" in v ? { cause: errorOrObject(v.cause) } : null
|
|
87
|
+
};
|
|
88
|
+
}
|
|
76
89
|
function stringifyContext(context) {
|
|
77
90
|
const args = [];
|
|
78
91
|
for (const [k, v] of Object.entries(context ?? {})) {
|
|
@@ -85,6 +98,9 @@ function stringifyValue(v) {
|
|
|
85
98
|
if (typeof v === "string") {
|
|
86
99
|
return v;
|
|
87
100
|
}
|
|
101
|
+
if (v instanceof Error) {
|
|
102
|
+
return stringify(toErrorLogObject(v));
|
|
103
|
+
}
|
|
88
104
|
return stringify(v);
|
|
89
105
|
}
|
|
90
106
|
export {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logging.js","sources":["../../../../shared/src/logging.ts"],"sourcesContent":["/* oxlint-disable no-console */\nimport {\n type Context,\n LogContext,\n type LogLevel,\n type LogSink,\n} from '@rocicorp/logger';\nimport chalk from 'chalk';\nimport {pid} from 'node:process';\nimport {stringify} from './bigint-json.ts';\n\nexport type LogConfig = {\n level: LogLevel;\n format: 'text' | 'json';\n};\n\nconst colors = {\n debug: chalk.grey,\n warn: chalk.yellow,\n error: chalk.red,\n};\n\n/**\n * Returns an object for writing colorized output to a provided console.\n * Note this should only be used when console is a TTY (i.e., Node).\n */\nexport const colorConsole = {\n log: (...args: unknown[]) => {\n console.log(...args);\n },\n debug: (...args: unknown[]) => {\n console.debug(colors.debug(...args));\n },\n info: (...args: unknown[]) => {\n console.info(...args);\n },\n warn: (...args: unknown[]) => {\n console.warn(colors.warn(...args));\n },\n error: (...args: unknown[]) => {\n console.error(colors.error(...args));\n },\n};\n\nexport const consoleSink: LogSink = {\n log(level, context, ...args) {\n colorConsole[level](stringifyContext(context)
|
|
1
|
+
{"version":3,"file":"logging.js","sources":["../../../../shared/src/logging.ts"],"sourcesContent":["/* oxlint-disable no-console */\nimport {\n type Context,\n LogContext,\n type LogLevel,\n type LogSink,\n} from '@rocicorp/logger';\nimport chalk from 'chalk';\nimport {pid} from 'node:process';\nimport {stringify} from './bigint-json.ts';\n\nexport type LogConfig = {\n level: LogLevel;\n format: 'text' | 'json';\n};\n\nconst colors = {\n debug: chalk.grey,\n warn: chalk.yellow,\n error: chalk.red,\n};\n\n/**\n * Returns an object for writing colorized output to a provided console.\n * Note this should only be used when console is a TTY (i.e., Node).\n */\nexport const colorConsole = {\n log: (...args: unknown[]) => {\n console.log(...args);\n },\n debug: (...args: unknown[]) => {\n console.debug(colors.debug(...args));\n },\n info: (...args: unknown[]) => {\n console.info(...args);\n },\n warn: (...args: unknown[]) => {\n console.warn(colors.warn(...args));\n },\n error: (...args: unknown[]) => {\n console.error(colors.error(...args));\n },\n};\n\nexport const consoleSink: LogSink = {\n log(level, context, ...args) {\n colorConsole[level](\n toLocalIsoString(),\n stringifyContext(context),\n ...args.map(stringifyValue),\n );\n },\n};\n\nfunction toLocalIsoString(date = new Date()) {\n const tzo = -date.getTimezoneOffset();\n const sign = tzo >= 0 ? '+' : '-';\n const pad = (n: number, len = 2) => String(Math.abs(n)).padStart(len, '0');\n\n return (\n date.getFullYear() +\n '-' +\n pad(date.getMonth() + 1) +\n '-' +\n pad(date.getDate()) +\n 'T' +\n pad(date.getHours()) +\n ':' +\n pad(date.getMinutes()) +\n ':' +\n pad(date.getSeconds()) +\n '.' +\n pad(date.getMilliseconds(), 3) +\n sign +\n pad(tzo / 60) +\n ':' +\n pad(tzo % 60)\n );\n}\n\nexport function getLogSink(config: LogConfig): LogSink {\n return config.format === 'json' ? consoleJsonLogSink : consoleSink;\n}\n\nexport function createLogContext(\n {log}: {log: LogConfig},\n context = {},\n sink = getLogSink(log),\n): LogContext {\n const ctx = {pid, ...context};\n const lc = new LogContext(log.level, ctx, sink);\n // Emit a blank line to absorb random ANSI control code garbage that\n // for some reason gets prepended to the first log line in CloudWatch.\n lc.info?.('');\n return lc;\n}\n\nconst consoleJsonLogSink: LogSink = {\n log(level: LogLevel, context: Context | undefined, ...args: unknown[]): void {\n // If the last arg is an object or an Error, combine those fields into the message.\n const lastObj = errorOrObject(args.at(-1));\n if (lastObj) {\n args.pop();\n }\n const message = args.length\n ? {\n message: args.map(stringifyValue).join(' '),\n }\n : undefined;\n\n console[level](\n stringify({\n level: level.toUpperCase(),\n ...context,\n ...lastObj,\n ...message,\n }),\n );\n },\n};\n\nexport function errorOrObject(v: unknown): object | undefined {\n if (v instanceof Error) {\n return toErrorLogObject(v);\n }\n if (v && typeof v === 'object') {\n return v;\n }\n return undefined;\n}\n\nfunction toErrorLogObject(v: Error) {\n return {\n ...v, // some properties of Error subclasses may be enumerable\n name: v.name,\n errorMsg: v.message,\n stack: v.stack,\n ...('cause' in v ? {cause: errorOrObject(v.cause)} : null),\n };\n}\n\nfunction stringifyContext(context: Context | undefined): unknown[] {\n const args = [];\n for (const [k, v] of Object.entries(context ?? {})) {\n const arg = v === undefined ? k : `${k}=${v}`;\n args.push(arg);\n }\n return args;\n}\n\nfunction stringifyValue(v: unknown) {\n if (typeof v === 'string') {\n return v;\n }\n if (v instanceof Error) {\n return stringify(toErrorLogObject(v));\n }\n return stringify(v);\n}\n"],"names":[],"mappings":";;;;AAgBA,MAAM,SAAS;AAAA,EACb,OAAO,MAAM;AAAA,EACb,MAAM,MAAM;AAAA,EACZ,OAAO,MAAM;AACf;AAMO,MAAM,eAAe;AAAA,EAC1B,KAAK,IAAI,SAAoB;AAC3B,YAAQ,IAAI,GAAG,IAAI;AAAA,EACrB;AAAA,EACA,OAAO,IAAI,SAAoB;AAC7B,YAAQ,MAAM,OAAO,MAAM,GAAG,IAAI,CAAC;AAAA,EACrC;AAAA,EACA,MAAM,IAAI,SAAoB;AAC5B,YAAQ,KAAK,GAAG,IAAI;AAAA,EACtB;AAAA,EACA,MAAM,IAAI,SAAoB;AAC5B,YAAQ,KAAK,OAAO,KAAK,GAAG,IAAI,CAAC;AAAA,EACnC;AAAA,EACA,OAAO,IAAI,SAAoB;AAC7B,YAAQ,MAAM,OAAO,MAAM,GAAG,IAAI,CAAC;AAAA,EACrC;AACF;AAEO,MAAM,cAAuB;AAAA,EAClC,IAAI,OAAO,YAAY,MAAM;AAC3B,iBAAa,KAAK;AAAA,MAChB,iBAAA;AAAA,MACA,iBAAiB,OAAO;AAAA,MACxB,GAAG,KAAK,IAAI,cAAc;AAAA,IAAA;AAAA,EAE9B;AACF;AAEA,SAAS,iBAAiB,OAAO,oBAAI,QAAQ;AAC3C,QAAM,MAAM,CAAC,KAAK,kBAAA;AAClB,QAAM,OAAO,OAAO,IAAI,MAAM;AAC9B,QAAM,MAAM,CAAC,GAAW,MAAM,MAAM,OAAO,KAAK,IAAI,CAAC,CAAC,EAAE,SAAS,KAAK,GAAG;AAEzE,SACE,KAAK,gBACL,MACA,IAAI,KAAK,SAAA,IAAa,CAAC,IACvB,MACA,IAAI,KAAK,SAAS,IAClB,MACA,IAAI,KAAK,SAAA,CAAU,IACnB,MACA,IAAI,KAAK,YAAY,IACrB,MACA,IAAI,KAAK,WAAA,CAAY,IACrB,MACA,IAAI,KAAK,mBAAmB,CAAC,IAC7B,OACA,IAAI,MAAM,EAAE,IACZ,MACA,IAAI,MAAM,EAAE;AAEhB;AAEO,SAAS,WAAW,QAA4B;AACrD,SAAO,OAAO,WAAW,SAAS,qBAAqB;AACzD;AAEO,SAAS,iBACd,EAAC,IAAA,GACD,UAAU,CAAA,GACV,OAAO,WAAW,GAAG,GACT;AACZ,QAAM,MAAM,EAAC,KAAK,GAAG,QAAA;AACrB,QAAM,KAAK,IAAI,WAAW,IAAI,OAAO,KAAK,IAAI;AAG9C,KAAG,OAAO,EAAE;AACZ,SAAO;AACT;AAEA,MAAM,qBAA8B;AAAA,EAClC,IAAI,OAAiB,YAAiC,MAAuB;AAE3E,UAAM,UAAU,cAAc,KAAK,GAAG,EAAE,CAAC;AACzC,QAAI,SAAS;AACX,WAAK,IAAA;AAAA,IACP;AACA,UAAM,UAAU,KAAK,SACjB;AAAA,MACE,SAAS,KAAK,IAAI,cAAc,EAAE,KAAK,GAAG;AAAA,IAAA,IAE5C;AAEJ,YAAQ,KAAK;AAAA,MACX,UAAU;AAAA,QACR,OAAO,MAAM,YAAA;AAAA,QACb,GAAG;AAAA,QACH,GAAG;AAAA,QACH,GAAG;AAAA,MAAA,CACJ;AAAA,IAAA;AAAA,EAEL;AACF;AAEO,SAAS,cAAc,GAAgC;AAC5D,MAAI,aAAa,OAAO;AACtB,WAAO,iBAAiB,CAAC;AAAA,EAC3B;AACA,MAAI,KAAK,OAAO,MAAM,UAAU;AAC9B,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,SAAS,iBAAiB,GAAU;AAClC,SAAO;AAAA,IACL,GAAG;AAAA;AAAA,IACH,MAAM,EAAE;AAAA,IACR,UAAU,EAAE;AAAA,IACZ,OAAO,EAAE;AAAA,IACT,GAAI,WAAW,IAAI,EAAC,OAAO,cAAc,EAAE,KAAK,MAAK;AAAA,EAAA;AAEzD;AAEA,SAAS,iBAAiB,SAAyC;AACjE,QAAM,OAAO,CAAA;AACb,aAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,WAAW,CAAA,CAAE,GAAG;AAClD,UAAM,MAAM,MAAM,SAAY,IAAI,GAAG,CAAC,IAAI,CAAC;AAC3C,SAAK,KAAK,GAAG;AAAA,EACf;AACA,SAAO;AACT;AAEA,SAAS,eAAe,GAAY;AAClC,MAAI,OAAO,MAAM,UAAU;AACzB,WAAO;AAAA,EACT;AACA,MAAI,aAAa,OAAO;AACtB,WAAO,UAAU,iBAAiB,CAAC,CAAC;AAAA,EACtC;AACA,SAAO,UAAU,CAAC;AACpB;"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
type Split<S extends string, Sep extends string> = S extends `${infer Head}${Sep}${infer Tail}` ? [Head, ...Split<Tail, Sep>] : S extends '' ? [] : [S];
|
|
2
|
+
type GetAtPath<T, Parts extends readonly string[]> = Parts extends readonly [
|
|
3
|
+
infer Head extends string,
|
|
4
|
+
...infer Tail extends readonly string[]
|
|
5
|
+
] ? Head extends keyof T ? GetAtPath<T[Head], Tail> : undefined : T;
|
|
6
|
+
type ValueAtPath<Path extends string, T, Sep extends string> = GetAtPath<T, Split<Path, Sep>>;
|
|
7
|
+
export declare function getValueAtPath(obj: object, path: string, sep: RegExp): unknown;
|
|
8
|
+
export declare function getValueAtPath<const Path extends string, const T extends object, const Sep extends string>(obj: T, path: Path, sep: Sep): ValueAtPath<Path, T, Sep>;
|
|
9
|
+
/**
|
|
10
|
+
* Recursively iterates over all leaf values in a nested object tree.
|
|
11
|
+
* A value is considered a leaf if `isLeaf(value)` returns true,
|
|
12
|
+
* or if it's not a plain object.
|
|
13
|
+
*
|
|
14
|
+
* @param obj - The object to iterate over
|
|
15
|
+
* @param isLeaf - A function that returns true if a value should be yielded as a leaf
|
|
16
|
+
*/
|
|
17
|
+
export declare function iterateLeaves<T>(obj: object, isLeaf: (value: unknown) => value is T): Iterable<T>;
|
|
18
|
+
export {};
|
|
19
|
+
//# sourceMappingURL=object-traversal.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"object-traversal.d.ts","sourceRoot":"","sources":["../../../../shared/src/object-traversal.ts"],"names":[],"mappings":"AAAA,KAAK,KAAK,CACR,CAAC,SAAS,MAAM,EAChB,GAAG,SAAS,MAAM,IAChB,CAAC,SAAS,GAAG,MAAM,IAAI,GAAG,GAAG,GAAG,MAAM,IAAI,EAAE,GAC5C,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,GAC3B,CAAC,SAAS,EAAE,GACV,EAAE,GACF,CAAC,CAAC,CAAC,CAAC;AAEV,KAAK,SAAS,CAAC,CAAC,EAAE,KAAK,SAAS,SAAS,MAAM,EAAE,IAAI,KAAK,SAAS,SAAS;IAC1E,MAAM,IAAI,SAAS,MAAM;IACzB,GAAG,MAAM,IAAI,SAAS,SAAS,MAAM,EAAE;CACxC,GACG,IAAI,SAAS,MAAM,CAAC,GAClB,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,GACxB,SAAS,GACX,CAAC,CAAC;AAEN,KAAK,WAAW,CAAC,IAAI,SAAS,MAAM,EAAE,CAAC,EAAE,GAAG,SAAS,MAAM,IAAI,SAAS,CACtE,CAAC,EACD,KAAK,CAAC,IAAI,EAAE,GAAG,CAAC,CACjB,CAAC;AAEF,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;AAChF,wBAAgB,cAAc,CAC5B,KAAK,CAAC,IAAI,SAAS,MAAM,EACzB,KAAK,CAAC,CAAC,SAAS,MAAM,EACtB,KAAK,CAAC,GAAG,SAAS,MAAM,EACxB,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;AAkB3D;;;;;;;GAOG;AACH,wBAAiB,aAAa,CAAC,CAAC,EAC9B,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,KAAK,IAAI,CAAC,GACrC,QAAQ,CAAC,CAAC,CAAC,CASb"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
function getValueAtPath(obj, path, sep) {
|
|
2
|
+
const parts = path.split(sep);
|
|
3
|
+
let current = obj;
|
|
4
|
+
for (const part of parts) {
|
|
5
|
+
if (current && typeof current === "object" && part in current) {
|
|
6
|
+
current = current[part];
|
|
7
|
+
} else {
|
|
8
|
+
return void 0;
|
|
9
|
+
}
|
|
10
|
+
}
|
|
11
|
+
return current;
|
|
12
|
+
}
|
|
13
|
+
function* iterateLeaves(obj, isLeaf) {
|
|
14
|
+
for (const key of Object.keys(obj)) {
|
|
15
|
+
const value = obj[key];
|
|
16
|
+
if (isLeaf(value)) {
|
|
17
|
+
yield value;
|
|
18
|
+
} else if (value && typeof value === "object") {
|
|
19
|
+
yield* iterateLeaves(value, isLeaf);
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
export {
|
|
24
|
+
getValueAtPath,
|
|
25
|
+
iterateLeaves
|
|
26
|
+
};
|
|
27
|
+
//# sourceMappingURL=object-traversal.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"object-traversal.js","sources":["../../../../shared/src/object-traversal.ts"],"sourcesContent":["type Split<\n S extends string,\n Sep extends string,\n> = S extends `${infer Head}${Sep}${infer Tail}`\n ? [Head, ...Split<Tail, Sep>]\n : S extends ''\n ? []\n : [S];\n\ntype GetAtPath<T, Parts extends readonly string[]> = Parts extends readonly [\n infer Head extends string,\n ...infer Tail extends readonly string[],\n]\n ? Head extends keyof T\n ? GetAtPath<T[Head], Tail>\n : undefined\n : T;\n\ntype ValueAtPath<Path extends string, T, Sep extends string> = GetAtPath<\n T,\n Split<Path, Sep>\n>;\n\nexport function getValueAtPath(obj: object, path: string, sep: RegExp): unknown;\nexport function getValueAtPath<\n const Path extends string,\n const T extends object,\n const Sep extends string,\n>(obj: T, path: Path, sep: Sep): ValueAtPath<Path, T, Sep>;\nexport function getValueAtPath(\n obj: object,\n path: string,\n sep: string | RegExp,\n): unknown {\n const parts = path.split(sep);\n let current: unknown = obj;\n for (const part of parts) {\n if (current && typeof current === 'object' && part in current) {\n current = (current as Record<string, unknown>)[part];\n } else {\n return undefined;\n }\n }\n return current;\n}\n\n/**\n * Recursively iterates over all leaf values in a nested object tree.\n * A value is considered a leaf if `isLeaf(value)` returns true,\n * or if it's not a plain object.\n *\n * @param obj - The object to iterate over\n * @param isLeaf - A function that returns true if a value should be yielded as a leaf\n */\nexport function* iterateLeaves<T>(\n obj: object,\n isLeaf: (value: unknown) => value is T,\n): Iterable<T> {\n for (const key of Object.keys(obj)) {\n const value = (obj as Record<string, unknown>)[key];\n if (isLeaf(value)) {\n yield value;\n } else if (value && typeof value === 'object') {\n yield* iterateLeaves(value, isLeaf);\n }\n }\n}\n"],"names":[],"mappings":"AA6BO,SAAS,eACd,KACA,MACA,KACS;AACT,QAAM,QAAQ,KAAK,MAAM,GAAG;AAC5B,MAAI,UAAmB;AACvB,aAAW,QAAQ,OAAO;AACxB,QAAI,WAAW,OAAO,YAAY,YAAY,QAAQ,SAAS;AAC7D,gBAAW,QAAoC,IAAI;AAAA,IACrD,OAAO;AACL,aAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAUO,UAAU,cACf,KACA,QACa;AACb,aAAW,OAAO,OAAO,KAAK,GAAG,GAAG;AAClC,UAAM,QAAS,IAAgC,GAAG;AAClD,QAAI,OAAO,KAAK,GAAG;AACjB,YAAM;AAAA,IACR,WAAW,SAAS,OAAO,UAAU,UAAU;AAC7C,aAAO,cAAc,OAAO,MAAM;AAAA,IACpC;AAAA,EACF;AACF;"}
|
package/out/zero/package.json.js
CHANGED
package/out/zero/src/pg.js
CHANGED
|
@@ -4,7 +4,6 @@ import { TransactionImpl, makeSchemaCRUD, makeServerTransaction } from "../../ze
|
|
|
4
4
|
import { OutOfOrderMutation, getMutation, handleMutationRequest } from "../../zero-server/src/process-mutations.js";
|
|
5
5
|
import { PushProcessor } from "../../zero-server/src/push-processor.js";
|
|
6
6
|
import { handleGetQueriesRequest, handleTransformRequest } from "../../zero-server/src/queries/process-queries.js";
|
|
7
|
-
import { QueryRegistry } from "../../zero-server/src/query-registry.js";
|
|
8
7
|
import { ZQLDatabase } from "../../zero-server/src/zql-database.js";
|
|
9
8
|
import { PostgresJSConnection, PostgresJsTransactionInternal, zeroPostgresJS } from "../../zero-server/src/adapters/postgresjs.js";
|
|
10
9
|
export {
|
|
@@ -13,7 +12,6 @@ export {
|
|
|
13
12
|
PostgresJSConnection,
|
|
14
13
|
PostgresJsTransactionInternal,
|
|
15
14
|
PushProcessor,
|
|
16
|
-
QueryRegistry,
|
|
17
15
|
TransactionImpl,
|
|
18
16
|
ZQLDatabase,
|
|
19
17
|
customMutatorKey,
|
package/out/zero/src/pg.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pg.js","sources":[],"sourcesContent":[],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"pg.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;"}
|
package/out/zero/src/server.js
CHANGED
|
@@ -4,13 +4,11 @@ import { TransactionImpl, makeSchemaCRUD, makeServerTransaction } from "../../ze
|
|
|
4
4
|
import { OutOfOrderMutation, getMutation, handleMutationRequest } from "../../zero-server/src/process-mutations.js";
|
|
5
5
|
import { PushProcessor } from "../../zero-server/src/push-processor.js";
|
|
6
6
|
import { handleGetQueriesRequest, handleTransformRequest } from "../../zero-server/src/queries/process-queries.js";
|
|
7
|
-
import { QueryRegistry } from "../../zero-server/src/query-registry.js";
|
|
8
7
|
import { ZQLDatabase } from "../../zero-server/src/zql-database.js";
|
|
9
8
|
export {
|
|
10
9
|
ApplicationError,
|
|
11
10
|
OutOfOrderMutation,
|
|
12
11
|
PushProcessor,
|
|
13
|
-
QueryRegistry,
|
|
14
12
|
TransactionImpl,
|
|
15
13
|
ZQLDatabase,
|
|
16
14
|
customMutatorKey,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.js","sources":[],"sourcesContent":[],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"server.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;"}
|
package/out/zero/src/zero.js
CHANGED
|
@@ -10,9 +10,12 @@ import { createSchema } from "../../zero-schema/src/builder/schema-builder.js";
|
|
|
10
10
|
import { boolean, enumeration, json, number, string, table } from "../../zero-schema/src/builder/table-builder.js";
|
|
11
11
|
import { ANYONE_CAN, ANYONE_CAN_DO_ANYTHING, NOBODY_CAN, definePermissions } from "../../zero-schema/src/permissions.js";
|
|
12
12
|
import { applyChange } from "../../zql/src/ivm/view-apply-change.js";
|
|
13
|
-
import {
|
|
13
|
+
import { defineMutators, defineMutatorsWithType, getMutator, isMutatorRegistry, mustGetMutator } from "../../zql/src/mutate/mutator-registry.js";
|
|
14
|
+
import { defineMutator, defineMutatorWithType, isMutator, isMutatorDefinition } from "../../zql/src/mutate/mutator.js";
|
|
15
|
+
import { createBuilder } from "../../zql/src/query/create-builder.js";
|
|
14
16
|
import { escapeLike } from "../../zql/src/query/escape-like.js";
|
|
15
|
-
import {
|
|
17
|
+
import { syncedQuery, syncedQueryWithContext, withValidation } from "../../zql/src/query/named.js";
|
|
18
|
+
import { defineQueries, defineQueriesWithType, defineQuery, defineQueryWithType, getQuery, isQueryDefinition, mustGetQuery } from "../../zql/src/query/query-registry.js";
|
|
16
19
|
import { bindingsForZero, registerZeroDelegate } from "../../zero-client/src/client/bindings.js";
|
|
17
20
|
import * as updateNeededReasonTypeEnum from "../../zero-client/src/client/update-needed-reason-type-enum.js";
|
|
18
21
|
import { Zero } from "../../zero-client/src/client/zero.js";
|
|
@@ -30,17 +33,30 @@ export {
|
|
|
30
33
|
boolean,
|
|
31
34
|
createBuilder,
|
|
32
35
|
createSchema,
|
|
36
|
+
defineMutator,
|
|
37
|
+
defineMutatorWithType,
|
|
38
|
+
defineMutators,
|
|
39
|
+
defineMutatorsWithType,
|
|
33
40
|
definePermissions,
|
|
41
|
+
defineQueries,
|
|
42
|
+
defineQueriesWithType,
|
|
34
43
|
defineQuery,
|
|
35
|
-
|
|
44
|
+
defineQueryWithType,
|
|
36
45
|
dropAllDatabases,
|
|
37
46
|
dropDatabase,
|
|
38
47
|
enumeration,
|
|
39
48
|
escapeLike,
|
|
40
49
|
getDefaultPuller,
|
|
50
|
+
getMutator,
|
|
51
|
+
getQuery,
|
|
52
|
+
isMutator,
|
|
53
|
+
isMutatorDefinition,
|
|
54
|
+
isMutatorRegistry,
|
|
41
55
|
isQueryDefinition,
|
|
42
56
|
json,
|
|
43
57
|
makeIDBName,
|
|
58
|
+
mustGetMutator,
|
|
59
|
+
mustGetQuery,
|
|
44
60
|
number,
|
|
45
61
|
registerZeroDelegate,
|
|
46
62
|
relationships,
|
package/out/zero/src/zero.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"zero.js","sources":[],"sourcesContent":[],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"zero.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;"}
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
import { type JWK, type JWTClaimVerificationOptions, type JWTPayload } from 'jose';
|
|
2
2
|
import type { AuthConfig } from '../config/zero-config.ts';
|
|
3
|
+
/** @deprecated */
|
|
3
4
|
export declare function createJwkPair(): Promise<{
|
|
4
5
|
privateJwk: JWK;
|
|
5
6
|
publicJwk: JWK;
|
|
6
7
|
}>;
|
|
8
|
+
/** @deprecated */
|
|
7
9
|
export declare const tokenConfigOptions: (config: AuthConfig) => ("jwk" | "jwksUrl" | "secret")[];
|
|
10
|
+
/** @deprecated */
|
|
8
11
|
export declare function verifyToken(config: AuthConfig, token: string, verifyOptions: JWTClaimVerificationOptions): Promise<JWTPayload>;
|
|
9
12
|
//# sourceMappingURL=jwt.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../../../zero-cache/src/auth/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../../../zero-cache/src/auth/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,EAKL,KAAK,GAAG,EACR,KAAK,2BAA2B,EAChC,KAAK,UAAU,EAEhB,MAAM,MAAM,CAAC;AACd,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,0BAA0B,CAAC;AAEzD,kBAAkB;AAClB,wBAAsB,aAAa;;;GAelC;AAWD,kBAAkB;AAClB,eAAO,MAAM,kBAAkB,GAAI,QAAQ,UAAU,qCAMpD,CAAC;AAEF,kBAAkB;AAClB,wBAAsB,WAAW,CAC/B,MAAM,EAAE,UAAU,EAClB,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,2BAA2B,GACzC,OAAO,CAAC,UAAU,CAAC,CAiBrB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.js","sources":["../../../../../zero-cache/src/auth/jwt.ts"],"sourcesContent":["import {\n createRemoteJWKSet,\n jwtVerify,\n type JWK,\n type JWTClaimVerificationOptions,\n type JWTPayload,\n type KeyLike,\n} from 'jose';\nimport type {AuthConfig} from '../config/zero-config.ts';\
|
|
1
|
+
{"version":3,"file":"jwt.js","sources":["../../../../../zero-cache/src/auth/jwt.ts"],"sourcesContent":["import {\n createRemoteJWKSet,\n exportJWK,\n generateKeyPair,\n jwtVerify,\n type JWK,\n type JWTClaimVerificationOptions,\n type JWTPayload,\n type KeyLike,\n} from 'jose';\nimport type {AuthConfig} from '../config/zero-config.ts';\n\n/** @deprecated */\nexport async function createJwkPair() {\n const {publicKey, privateKey} = await generateKeyPair('PS256');\n\n const privateJwk = await exportJWK(privateKey);\n const publicJwk = await exportJWK(publicKey);\n\n privateJwk.kid = 'key-2024-001';\n privateJwk.use = 'sig';\n privateJwk.alg = 'PS256';\n\n publicJwk.kid = privateJwk.kid;\n publicJwk.use = privateJwk.use;\n publicJwk.alg = privateJwk.alg;\n\n return {privateJwk, publicJwk};\n}\n\nlet remoteKeyset: ReturnType<typeof createRemoteJWKSet> | undefined;\nfunction getRemoteKeyset(jwksUrl: string) {\n if (remoteKeyset === undefined) {\n remoteKeyset = createRemoteJWKSet(new URL(jwksUrl));\n }\n\n return remoteKeyset;\n}\n\n/** @deprecated */\nexport const tokenConfigOptions = (config: AuthConfig) => {\n const tokenOptions = (['jwk', 'secret', 'jwksUrl'] as const).filter(\n key => config[key] !== undefined,\n );\n\n return tokenOptions;\n};\n\n/** @deprecated */\nexport async function verifyToken(\n config: AuthConfig,\n token: string,\n verifyOptions: JWTClaimVerificationOptions,\n): Promise<JWTPayload> {\n if (config.jwk !== undefined) {\n return verifyTokenImpl(token, loadJwk(config.jwk), verifyOptions);\n }\n\n if (config.secret !== undefined) {\n return verifyTokenImpl(token, loadSecret(config.secret), verifyOptions);\n }\n\n if (config.jwksUrl !== undefined) {\n const remoteKeyset = getRemoteKeyset(config.jwksUrl);\n return (await jwtVerify(token, remoteKeyset, verifyOptions)).payload;\n }\n\n throw new Error(\n 'verifyToken was called but no auth options (one of: jwk, secret, jwksUrl) were configured.',\n );\n}\n\nfunction loadJwk(jwkString: string) {\n return JSON.parse(jwkString) as JWK;\n}\n\nfunction loadSecret(secret: string) {\n return new TextEncoder().encode(secret);\n}\n\nasync function verifyTokenImpl(\n token: string,\n verifyKey: Uint8Array | KeyLike | JWK,\n verifyOptions: JWTClaimVerificationOptions,\n): Promise<JWTPayload> {\n const {payload} = await jwtVerify(token, verifyKey, verifyOptions);\n\n return payload;\n}\n"],"names":["remoteKeyset"],"mappings":";AA8BA,IAAI;AACJ,SAAS,gBAAgB,SAAiB;AACxC,MAAI,iBAAiB,QAAW;AAC9B,mBAAe,mBAAmB,IAAI,IAAI,OAAO,CAAC;AAAA,EACpD;AAEA,SAAO;AACT;AAGO,MAAM,qBAAqB,CAAC,WAAuB;AACxD,QAAM,eAAgB,CAAC,OAAO,UAAU,SAAS,EAAY;AAAA,IAC3D,CAAA,QAAO,OAAO,GAAG,MAAM;AAAA,EAAA;AAGzB,SAAO;AACT;AAGA,eAAsB,YACpB,QACA,OACA,eACqB;AACrB,MAAI,OAAO,QAAQ,QAAW;AAC5B,WAAO,gBAAgB,OAAO,QAAQ,OAAO,GAAG,GAAG,aAAa;AAAA,EAClE;AAEA,MAAI,OAAO,WAAW,QAAW;AAC/B,WAAO,gBAAgB,OAAO,WAAW,OAAO,MAAM,GAAG,aAAa;AAAA,EACxE;AAEA,MAAI,OAAO,YAAY,QAAW;AAChC,UAAMA,gBAAe,gBAAgB,OAAO,OAAO;AACnD,YAAQ,MAAM,UAAU,OAAOA,eAAc,aAAa,GAAG;AAAA,EAC/D;AAEA,QAAM,IAAI;AAAA,IACR;AAAA,EAAA;AAEJ;AAEA,SAAS,QAAQ,WAAmB;AAClC,SAAO,KAAK,MAAM,SAAS;AAC7B;AAEA,SAAS,WAAW,QAAgB;AAClC,SAAO,IAAI,YAAA,EAAc,OAAO,MAAM;AACxC;AAEA,eAAe,gBACb,OACA,WACA,eACqB;AACrB,QAAM,EAAC,QAAA,IAAW,MAAM,UAAU,OAAO,WAAW,aAAa;AAEjE,SAAO;AACT;"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import type { LogContext } from '@rocicorp/logger';
|
|
2
2
|
import type { JWTPayload } from 'jose';
|
|
3
3
|
import type { CRUDOp, UpsertOp } from '../../../zero-protocol/src/push.ts';
|
|
4
|
+
import type { DatabaseStorage } from '../../../zqlite/src/database-storage.ts';
|
|
4
5
|
import type { Database } from '../../../zqlite/src/db.ts';
|
|
5
6
|
import type { ZeroConfig } from '../config/zero-config.ts';
|
|
6
7
|
export interface WriteAuthorizer {
|
|
@@ -11,7 +12,7 @@ export interface WriteAuthorizer {
|
|
|
11
12
|
}
|
|
12
13
|
export declare class WriteAuthorizerImpl implements WriteAuthorizer {
|
|
13
14
|
#private;
|
|
14
|
-
constructor(lc: LogContext, config: ZeroConfig, replica: Database, appID: string, cgID: string);
|
|
15
|
+
constructor(lc: LogContext, config: ZeroConfig, replica: Database, appID: string, cgID: string, writeAuthzStorage: DatabaseStorage);
|
|
15
16
|
reloadPermissions(): void;
|
|
16
17
|
destroy(): void;
|
|
17
18
|
canPreMutation(authData: JWTPayload | undefined, ops: Exclude<CRUDOp, UpsertOp>[]): Promise<boolean>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"write-authorizer.d.ts","sourceRoot":"","sources":["../../../../../zero-cache/src/auth/write-authorizer.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AACjD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"write-authorizer.d.ts","sourceRoot":"","sources":["../../../../../zero-cache/src/auth/write-authorizer.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AACjD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,MAAM,CAAC;AAUrC,OAAO,KAAK,EACV,MAAM,EAIN,QAAQ,EACT,MAAM,oCAAoC,CAAC;AAc5C,OAAO,KAAK,EACV,eAAe,EAEhB,MAAM,yCAAyC,CAAC;AACjD,OAAO,KAAK,EAAC,QAAQ,EAAC,MAAM,2BAA2B,CAAC;AAMxD,OAAO,KAAK,EAAY,UAAU,EAAC,MAAM,0BAA0B,CAAC;AAapE,MAAM,WAAW,eAAe;IAC9B,cAAc,CACZ,QAAQ,EAAE,UAAU,GAAG,SAAS,EAChC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,GAC/B,OAAO,CAAC,OAAO,CAAC,CAAC;IACpB,eAAe,CACb,QAAQ,EAAE,UAAU,GAAG,SAAS,EAChC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,GAC/B,OAAO,CAAC,OAAO,CAAC,CAAC;IACpB,iBAAiB,IAAI,IAAI,CAAC;IAC1B,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC;CAC1D;AAED,qBAAa,mBAAoB,YAAW,eAAe;;gBAevD,EAAE,EAAE,UAAU,EACd,MAAM,EAAE,UAAU,EAClB,OAAO,EAAE,QAAQ,EACjB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,iBAAiB,EAAE,eAAe;IAqBpC,iBAAiB;IASjB,OAAO;IAID,cAAc,CAClB,QAAQ,EAAE,UAAU,GAAG,SAAS,EAChC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE;IAsB5B,eAAe,CACnB,QAAQ,EAAE,UAAU,GAAG,SAAS,EAChC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE;IA6DlC,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE;CA4UzD"}
|
|
@@ -1,15 +1,10 @@
|
|
|
1
|
-
import { tmpdir } from "node:os";
|
|
2
|
-
import path from "node:path";
|
|
3
|
-
import { pid } from "node:process";
|
|
4
1
|
import { assert } from "../../../shared/src/asserts.js";
|
|
5
2
|
import { must } from "../../../shared/src/must.js";
|
|
6
|
-
import { randInt } from "../../../shared/src/rand.js";
|
|
7
3
|
import { parse } from "../../../shared/src/valita.js";
|
|
8
4
|
import { primaryKeyValueSchema } from "../../../zero-protocol/src/primary-key.js";
|
|
9
5
|
import { bindStaticParameters, buildPipeline } from "../../../zql/src/builder/builder.js";
|
|
10
6
|
import { simplifyCondition } from "../../../zql/src/query/expression.js";
|
|
11
7
|
import { staticQuery, asStaticQuery } from "../../../zql/src/query/static-query.js";
|
|
12
|
-
import { DatabaseStorage } from "../../../zqlite/src/database-storage.js";
|
|
13
8
|
import { sql, compile } from "../../../zqlite/src/internal/sql.js";
|
|
14
9
|
import { TableSource, fromSQLiteTypes } from "../../../zqlite/src/table-source.js";
|
|
15
10
|
import { computeZqlSpecs } from "../db/lite-tables.js";
|
|
@@ -28,17 +23,12 @@ class WriteAuthorizerImpl {
|
|
|
28
23
|
#logConfig;
|
|
29
24
|
#cgStorage;
|
|
30
25
|
#loadedPermissions = null;
|
|
31
|
-
constructor(lc, config, replica, appID, cgID) {
|
|
26
|
+
constructor(lc, config, replica, appID, cgID, writeAuthzStorage) {
|
|
32
27
|
this.#appID = appID;
|
|
33
28
|
this.#lc = lc.withContext("class", "WriteAuthorizerImpl");
|
|
34
29
|
this.#logConfig = config.log;
|
|
35
30
|
this.#schema = getSchema(this.#lc, replica);
|
|
36
31
|
this.#replica = replica;
|
|
37
|
-
const tmpDir = config.storageDBTmpDir ?? tmpdir();
|
|
38
|
-
const writeAuthzStorage = DatabaseStorage.create(
|
|
39
|
-
lc,
|
|
40
|
-
path.join(tmpDir, `mutagen-${pid}-${randInt(1e6, 9999999)}`)
|
|
41
|
-
);
|
|
42
32
|
this.#cgStorage = writeAuthzStorage.createClientGroupStorage(cgID);
|
|
43
33
|
this.#builderDelegate = {
|
|
44
34
|
getSource: (name) => this.#getSource(name),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"write-authorizer.js","sources":["../../../../../zero-cache/src/auth/write-authorizer.ts"],"sourcesContent":["import type {SQLQuery} from '@databases/sql';\nimport type {MaybePromise} from '@opentelemetry/resources';\nimport type {LogContext} from '@rocicorp/logger';\nimport type {JWTPayload} from 'jose';\nimport {tmpdir} from 'node:os';\nimport path from 'node:path';\nimport {pid} from 'node:process';\nimport {assert} from '../../../shared/src/asserts.ts';\nimport type {JSONValue, ReadonlyJSONValue} from '../../../shared/src/json.ts';\nimport {must} from '../../../shared/src/must.ts';\nimport {randInt} from '../../../shared/src/rand.ts';\nimport * as v from '../../../shared/src/valita.ts';\nimport type {Condition} from '../../../zero-protocol/src/ast.ts';\nimport {\n primaryKeyValueSchema,\n type PrimaryKeyValue,\n} from '../../../zero-protocol/src/primary-key.ts';\nimport type {\n CRUDOp,\n DeleteOp,\n InsertOp,\n UpdateOp,\n UpsertOp,\n} from '../../../zero-protocol/src/push.ts';\nimport type {Policy} from '../../../zero-schema/src/compiled-permissions.ts';\nimport type {Schema} from '../../../zero-types/src/schema.ts';\nimport type {BuilderDelegate} from '../../../zql/src/builder/builder.ts';\nimport {\n bindStaticParameters,\n buildPipeline,\n} from '../../../zql/src/builder/builder.ts';\nimport {simplifyCondition} from '../../../zql/src/query/expression.ts';\nimport type {Query} from '../../../zql/src/query/query.ts';\nimport {\n asStaticQuery,\n staticQuery,\n} from '../../../zql/src/query/static-query.ts';\nimport {\n DatabaseStorage,\n type ClientGroupStorage,\n} from '../../../zqlite/src/database-storage.ts';\nimport type {Database} from '../../../zqlite/src/db.ts';\nimport {compile, sql} from '../../../zqlite/src/internal/sql.ts';\nimport {\n fromSQLiteTypes,\n TableSource,\n} from '../../../zqlite/src/table-source.ts';\nimport type {LogConfig, ZeroConfig} from '../config/zero-config.ts';\nimport {computeZqlSpecs} from '../db/lite-tables.ts';\nimport type {LiteAndZqlSpec} from '../db/specs.ts';\nimport {StatementRunner} from '../db/statements.ts';\nimport {mapLiteDataTypeToZqlSchemaValue} from '../types/lite.ts';\nimport {\n getSchema,\n reloadPermissionsIfChanged,\n type LoadedPermissions,\n} from './load-permissions.ts';\n\ntype Phase = 'preMutation' | 'postMutation';\n\nexport interface WriteAuthorizer {\n canPreMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ): Promise<boolean>;\n canPostMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ): Promise<boolean>;\n reloadPermissions(): void;\n normalizeOps(ops: CRUDOp[]): Exclude<CRUDOp, UpsertOp>[];\n}\n\nexport class WriteAuthorizerImpl implements WriteAuthorizer {\n readonly #schema: Schema;\n readonly #replica: Database;\n readonly #builderDelegate: BuilderDelegate;\n readonly #tableSpecs: Map<string, LiteAndZqlSpec>;\n readonly #tables = new Map<string, TableSource>();\n readonly #statementRunner: StatementRunner;\n readonly #lc: LogContext;\n readonly #appID: string;\n readonly #logConfig: LogConfig;\n readonly #cgStorage: ClientGroupStorage;\n\n #loadedPermissions: LoadedPermissions | null = null;\n\n constructor(\n lc: LogContext,\n config: ZeroConfig,\n replica: Database,\n appID: string,\n cgID: string,\n ) {\n this.#appID = appID;\n this.#lc = lc.withContext('class', 'WriteAuthorizerImpl');\n this.#logConfig = config.log;\n this.#schema = getSchema(this.#lc, replica);\n this.#replica = replica;\n const tmpDir = config.storageDBTmpDir ?? tmpdir();\n const writeAuthzStorage = DatabaseStorage.create(\n lc,\n path.join(tmpDir, `mutagen-${pid}-${randInt(1000000, 9999999)}`),\n );\n this.#cgStorage = writeAuthzStorage.createClientGroupStorage(cgID);\n this.#builderDelegate = {\n getSource: name => this.#getSource(name),\n createStorage: () => this.#cgStorage.createStorage(),\n decorateSourceInput: input => input,\n decorateInput: input => input,\n addEdge() {},\n decorateFilterInput: input => input,\n };\n this.#tableSpecs = computeZqlSpecs(this.#lc, replica);\n this.#statementRunner = new StatementRunner(replica);\n this.reloadPermissions();\n }\n\n reloadPermissions() {\n this.#loadedPermissions = reloadPermissionsIfChanged(\n this.#lc,\n this.#statementRunner,\n this.#appID,\n this.#loadedPermissions,\n ).permissions;\n }\n\n destroy() {\n this.#cgStorage.destroy();\n }\n\n async canPreMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ) {\n for (const op of ops) {\n switch (op.op) {\n case 'insert':\n // insert does not run pre-mutation checks\n break;\n case 'update':\n if (!(await this.#canUpdate('preMutation', authData, op))) {\n return false;\n }\n break;\n case 'delete':\n if (!(await this.#canDelete('preMutation', authData, op))) {\n return false;\n }\n break;\n }\n }\n return true;\n }\n\n async canPostMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ) {\n this.#statementRunner.beginConcurrent();\n try {\n for (const op of ops) {\n const source = this.#getSource(op.tableName);\n switch (op.op) {\n case 'insert': {\n source.push({\n type: 'add',\n row: op.value,\n });\n break;\n }\n // TODO(mlaw): what if someone updates the same thing twice?\n // TODO(aa): It seems like it will just work? source.push()\n // is going to push the row into the table source, and then the\n // next requirePreMutationRow will just return the row that was\n // pushed in.\n case 'update': {\n source.push({\n type: 'edit',\n oldRow: this.#requirePreMutationRow(op),\n row: op.value,\n });\n break;\n }\n case 'delete': {\n source.push({\n type: 'remove',\n row: this.#requirePreMutationRow(op),\n });\n break;\n }\n }\n }\n\n for (const op of ops) {\n switch (op.op) {\n case 'insert':\n if (!(await this.#canInsert('postMutation', authData, op))) {\n return false;\n }\n break;\n case 'update':\n if (!(await this.#canUpdate('postMutation', authData, op))) {\n return false;\n }\n break;\n case 'delete':\n // delete does not run post-mutation checks.\n break;\n }\n }\n } finally {\n this.#statementRunner.rollback();\n }\n\n return true;\n }\n\n normalizeOps(ops: CRUDOp[]): Exclude<CRUDOp, UpsertOp>[] {\n return ops.map(op => {\n if (op.op === 'upsert') {\n const preMutationRow = this.#getPreMutationRow(op);\n if (preMutationRow) {\n return {\n op: 'update',\n tableName: op.tableName,\n primaryKey: op.primaryKey,\n value: op.value,\n };\n }\n return {\n op: 'insert',\n tableName: op.tableName,\n primaryKey: op.primaryKey,\n value: op.value,\n };\n }\n return op;\n });\n }\n\n #canInsert(phase: Phase, authData: JWTPayload | undefined, op: InsertOp) {\n return this.#timedCanDo(phase, 'insert', authData, op);\n }\n\n #canUpdate(phase: Phase, authData: JWTPayload | undefined, op: UpdateOp) {\n return this.#timedCanDo(phase, 'update', authData, op);\n }\n\n #canDelete(phase: Phase, authData: JWTPayload | undefined, op: DeleteOp) {\n return this.#timedCanDo(phase, 'delete', authData, op);\n }\n\n /**\n * Gets schema-defined primary key and validates that operation contains required PK values.\n *\n * @returns Record where keys are column names and values are client-provided values\n * @throws Error if operation value is missing required primary key columns\n */\n #getPrimaryKey(\n tableName: string,\n opValue: Record<string, ReadonlyJSONValue | undefined>,\n ): Record<string, ReadonlyJSONValue> {\n const tableSpec = this.#tableSpecs.get(tableName);\n if (!tableSpec) {\n throw new Error(`Table ${tableName} not found`);\n }\n const columns = tableSpec.tableSpec.primaryKey;\n\n // Extract primary key values from operation value and validate they exist\n const values: Record<string, ReadonlyJSONValue> = {};\n for (const col of columns) {\n const val = opValue[col];\n if (val === undefined) {\n throw new Error(\n `Primary key column '${col}' is missing from operation value for table ${tableName}`,\n );\n }\n values[col] = val;\n }\n\n return values;\n }\n\n #getSource(tableName: string) {\n let source = this.#tables.get(tableName);\n if (source) {\n return source;\n }\n const tableSpec = this.#tableSpecs.get(tableName);\n if (!tableSpec) {\n throw new Error(`Table ${tableName} not found`);\n }\n const {columns, primaryKey} = tableSpec.tableSpec;\n assert(primaryKey.length);\n source = new TableSource(\n this.#lc,\n this.#logConfig,\n this.#replica,\n tableName,\n Object.fromEntries(\n Object.entries(columns).map(([name, {dataType}]) => [\n name,\n mapLiteDataTypeToZqlSchemaValue(dataType),\n ]),\n ),\n [primaryKey[0], ...primaryKey.slice(1)],\n );\n this.#tables.set(tableName, source);\n\n return source;\n }\n\n async #timedCanDo<A extends keyof ActionOpMap>(\n phase: Phase,\n action: A,\n authData: JWTPayload | undefined,\n op: ActionOpMap[A],\n ) {\n const start = performance.now();\n try {\n const ret = await this.#canDo(phase, action, authData, op);\n return ret;\n } finally {\n this.#lc.info?.(\n 'action:',\n action,\n 'duration:',\n performance.now() - start,\n 'tableName:',\n op.tableName,\n 'primaryKey:',\n op.primaryKey,\n );\n }\n }\n\n /**\n * Evaluation order is from static to dynamic, broad to specific.\n * table -> column -> row -> cell.\n *\n * If any step fails, the entire operation is denied.\n *\n * That is, table rules supersede column rules, which supersede row rules,\n *\n * All steps must allow for the operation to be allowed.\n */\n async #canDo<A extends keyof ActionOpMap>(\n phase: Phase,\n action: A,\n authData: JWTPayload | undefined,\n op: ActionOpMap[A],\n ) {\n const rules = must(this.#loadedPermissions).permissions?.tables[\n op.tableName\n ];\n const rowPolicies = rules?.row;\n let rowQuery = staticQuery(this.#schema, op.tableName);\n\n const primaryKeyValues = this.#getPrimaryKey(op.tableName, op.value);\n\n for (const pk in primaryKeyValues) {\n rowQuery = rowQuery.where(pk, '=', primaryKeyValues[pk]);\n }\n\n let applicableRowPolicy: Policy | undefined;\n switch (action) {\n case 'insert':\n if (phase === 'postMutation') {\n applicableRowPolicy = rowPolicies?.insert;\n }\n break;\n case 'update':\n if (phase === 'preMutation') {\n applicableRowPolicy = rowPolicies?.update?.preMutation;\n } else if (phase === 'postMutation') {\n applicableRowPolicy = rowPolicies?.update?.postMutation;\n }\n break;\n case 'delete':\n if (phase === 'preMutation') {\n applicableRowPolicy = rowPolicies?.delete;\n }\n break;\n }\n\n const cellPolicies = rules?.cell;\n const applicableCellPolicies: Policy[] = [];\n if (cellPolicies) {\n for (const [column, policy] of Object.entries(cellPolicies)) {\n if (action === 'update' && op.value[column] === undefined) {\n // If the cell is not being updated, we do not need to check\n // the cell rules.\n continue;\n }\n switch (action) {\n case 'insert':\n if (policy.insert && phase === 'postMutation') {\n applicableCellPolicies.push(policy.insert);\n }\n break;\n case 'update':\n if (phase === 'preMutation' && policy.update?.preMutation) {\n applicableCellPolicies.push(policy.update.preMutation);\n }\n if (phase === 'postMutation' && policy.update?.postMutation) {\n applicableCellPolicies.push(policy.update.postMutation);\n }\n break;\n case 'delete':\n if (policy.delete && phase === 'preMutation') {\n applicableCellPolicies.push(policy.delete);\n }\n break;\n }\n }\n }\n\n if (\n !(await this.#passesPolicyGroup(\n applicableRowPolicy,\n applicableCellPolicies,\n authData,\n rowQuery,\n ))\n ) {\n this.#lc.warn?.(\n `Permission check failed for ${JSON.stringify(\n op,\n )}, action ${action}, phase ${phase}, authData: ${JSON.stringify(\n authData,\n )}, rowPolicies: ${JSON.stringify(\n applicableRowPolicy,\n )}, cellPolicies: ${JSON.stringify(applicableCellPolicies)}`,\n );\n return false;\n }\n\n return true;\n }\n\n #getPreMutationRow(op: UpsertOp | UpdateOp | DeleteOp) {\n const {value} = op;\n\n const primaryKeyValues = this.#getPrimaryKey(op.tableName, value);\n\n const spec = this.#tableSpecs.get(op.tableName);\n if (!spec) {\n throw new Error(`Table ${op.tableName} not found`);\n }\n\n const conditions: SQLQuery[] = [];\n const values: PrimaryKeyValue[] = [];\n for (const pk in primaryKeyValues) {\n conditions.push(sql`${sql.ident(pk)}=?`);\n values.push(v.parse(primaryKeyValues[pk], primaryKeyValueSchema));\n }\n\n const ret = this.#statementRunner.get(\n compile(\n sql`SELECT ${sql.join(\n Object.keys(spec.zqlSpec).map(c => sql.ident(c)),\n sql`,`,\n )} FROM ${sql.ident(op.tableName)} WHERE ${sql.join(\n conditions,\n sql` AND `,\n )}`,\n ),\n ...values,\n );\n if (ret === undefined) {\n return ret;\n }\n return fromSQLiteTypes(spec.zqlSpec, ret, op.tableName);\n }\n\n #requirePreMutationRow(op: UpdateOp | DeleteOp) {\n const ret = this.#getPreMutationRow(op);\n assert(\n ret !== undefined,\n () => `Pre-mutation row not found for ${JSON.stringify(op.value)}`,\n );\n return ret;\n }\n\n async #passesPolicyGroup(\n applicableRowPolicy: Policy | undefined,\n applicableCellPolicies: Policy[],\n authData: JWTPayload | undefined,\n rowQuery: Query<Schema, string>,\n ) {\n if (!(await this.#passesPolicy(applicableRowPolicy, authData, rowQuery))) {\n return false;\n }\n\n for (const policy of applicableCellPolicies) {\n if (!(await this.#passesPolicy(policy, authData, rowQuery))) {\n return false;\n }\n }\n\n return true;\n }\n\n /**\n * Defaults to *false* if the policy is empty. At least one rule has to pass\n * for the policy to pass.\n */\n #passesPolicy(\n policy: Policy | undefined,\n authData: JWTPayload | undefined,\n rowQuery: Query<Schema, string>,\n ): MaybePromise<boolean> {\n if (policy === undefined) {\n return false;\n }\n if (policy.length === 0) {\n return false;\n }\n let rowQueryAst = asStaticQuery(rowQuery).ast;\n rowQueryAst = bindStaticParameters(\n {\n ...rowQueryAst,\n where: updateWhere(rowQueryAst.where, policy),\n },\n {\n authData: authData as Record<string, JSONValue>,\n preMutationRow: undefined,\n },\n );\n\n // call the compiler directly\n // run the sql against upstream.\n // remove the collecting into json? just need to know if a row comes back.\n\n const input = buildPipeline(rowQueryAst, this.#builderDelegate, 'query-id');\n try {\n const res = input.fetch({});\n for (const _ of res) {\n // if any row is returned at all, the\n // rule passes.\n return true;\n }\n } finally {\n input.destroy();\n }\n\n // no rows returned by any rules? The policy fails.\n return false;\n }\n}\n\nfunction updateWhere(where: Condition | undefined, policy: Policy) {\n assert(where, 'A where condition must exist for RowQuery');\n\n return simplifyCondition({\n type: 'and',\n conditions: [\n where,\n {\n type: 'or',\n conditions: policy.map(([action, rule]) => {\n assert(action);\n return rule;\n }),\n },\n ],\n });\n}\n\ntype ActionOpMap = {\n insert: InsertOp;\n update: UpdateOp;\n delete: DeleteOp;\n};\n"],"names":["v.parse"],"mappings":";;;;;;;;;;;;;;;;;;AAyEO,MAAM,oBAA+C;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,8BAAc,IAAA;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAET,qBAA+C;AAAA,EAE/C,YACE,IACA,QACA,SACA,OACA,MACA;AACA,SAAK,SAAS;AACd,SAAK,MAAM,GAAG,YAAY,SAAS,qBAAqB;AACxD,SAAK,aAAa,OAAO;AACzB,SAAK,UAAU,UAAU,KAAK,KAAK,OAAO;AAC1C,SAAK,WAAW;AAChB,UAAM,SAAS,OAAO,mBAAmB,OAAA;AACzC,UAAM,oBAAoB,gBAAgB;AAAA,MACxC;AAAA,MACA,KAAK,KAAK,QAAQ,WAAW,GAAG,IAAI,QAAQ,KAAS,OAAO,CAAC,EAAE;AAAA,IAAA;AAEjE,SAAK,aAAa,kBAAkB,yBAAyB,IAAI;AACjE,SAAK,mBAAmB;AAAA,MACtB,WAAW,CAAA,SAAQ,KAAK,WAAW,IAAI;AAAA,MACvC,eAAe,MAAM,KAAK,WAAW,cAAA;AAAA,MACrC,qBAAqB,CAAA,UAAS;AAAA,MAC9B,eAAe,CAAA,UAAS;AAAA,MACxB,UAAU;AAAA,MAAC;AAAA,MACX,qBAAqB,CAAA,UAAS;AAAA,IAAA;AAEhC,SAAK,cAAc,gBAAgB,KAAK,KAAK,OAAO;AACpD,SAAK,mBAAmB,IAAI,gBAAgB,OAAO;AACnD,SAAK,kBAAA;AAAA,EACP;AAAA,EAEA,oBAAoB;AAClB,SAAK,qBAAqB;AAAA,MACxB,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,IAAA,EACL;AAAA,EACJ;AAAA,EAEA,UAAU;AACR,SAAK,WAAW,QAAA;AAAA,EAClB;AAAA,EAEA,MAAM,eACJ,UACA,KACA;AACA,eAAW,MAAM,KAAK;AACpB,cAAQ,GAAG,IAAA;AAAA,QACT,KAAK;AAEH;AAAA,QACF,KAAK;AACH,cAAI,CAAE,MAAM,KAAK,WAAW,eAAe,UAAU,EAAE,GAAI;AACzD,mBAAO;AAAA,UACT;AACA;AAAA,QACF,KAAK;AACH,cAAI,CAAE,MAAM,KAAK,WAAW,eAAe,UAAU,EAAE,GAAI;AACzD,mBAAO;AAAA,UACT;AACA;AAAA,MAAA;AAAA,IAEN;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,gBACJ,UACA,KACA;AACA,SAAK,iBAAiB,gBAAA;AACtB,QAAI;AACF,iBAAW,MAAM,KAAK;AACpB,cAAM,SAAS,KAAK,WAAW,GAAG,SAAS;AAC3C,gBAAQ,GAAG,IAAA;AAAA,UACT,KAAK,UAAU;AACb,mBAAO,KAAK;AAAA,cACV,MAAM;AAAA,cACN,KAAK,GAAG;AAAA,YAAA,CACT;AACD;AAAA,UACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,UAMA,KAAK,UAAU;AACb,mBAAO,KAAK;AAAA,cACV,MAAM;AAAA,cACN,QAAQ,KAAK,uBAAuB,EAAE;AAAA,cACtC,KAAK,GAAG;AAAA,YAAA,CACT;AACD;AAAA,UACF;AAAA,UACA,KAAK,UAAU;AACb,mBAAO,KAAK;AAAA,cACV,MAAM;AAAA,cACN,KAAK,KAAK,uBAAuB,EAAE;AAAA,YAAA,CACpC;AACD;AAAA,UACF;AAAA,QAAA;AAAA,MAEJ;AAEA,iBAAW,MAAM,KAAK;AACpB,gBAAQ,GAAG,IAAA;AAAA,UACT,KAAK;AACH,gBAAI,CAAE,MAAM,KAAK,WAAW,gBAAgB,UAAU,EAAE,GAAI;AAC1D,qBAAO;AAAA,YACT;AACA;AAAA,UACF,KAAK;AACH,gBAAI,CAAE,MAAM,KAAK,WAAW,gBAAgB,UAAU,EAAE,GAAI;AAC1D,qBAAO;AAAA,YACT;AACA;AAAA,UACF,KAAK;AAEH;AAAA,QAAA;AAAA,MAEN;AAAA,IACF,UAAA;AACE,WAAK,iBAAiB,SAAA;AAAA,IACxB;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,aAAa,KAA4C;AACvD,WAAO,IAAI,IAAI,CAAA,OAAM;AACnB,UAAI,GAAG,OAAO,UAAU;AACtB,cAAM,iBAAiB,KAAK,mBAAmB,EAAE;AACjD,YAAI,gBAAgB;AAClB,iBAAO;AAAA,YACL,IAAI;AAAA,YACJ,WAAW,GAAG;AAAA,YACd,YAAY,GAAG;AAAA,YACf,OAAO,GAAG;AAAA,UAAA;AAAA,QAEd;AACA,eAAO;AAAA,UACL,IAAI;AAAA,UACJ,WAAW,GAAG;AAAA,UACd,YAAY,GAAG;AAAA,UACf,OAAO,GAAG;AAAA,QAAA;AAAA,MAEd;AACA,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAAA,EAEA,WAAW,OAAc,UAAkC,IAAc;AACvE,WAAO,KAAK,YAAY,OAAO,UAAU,UAAU,EAAE;AAAA,EACvD;AAAA,EAEA,WAAW,OAAc,UAAkC,IAAc;AACvE,WAAO,KAAK,YAAY,OAAO,UAAU,UAAU,EAAE;AAAA,EACvD;AAAA,EAEA,WAAW,OAAc,UAAkC,IAAc;AACvE,WAAO,KAAK,YAAY,OAAO,UAAU,UAAU,EAAE;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,eACE,WACA,SACmC;AACnC,UAAM,YAAY,KAAK,YAAY,IAAI,SAAS;AAChD,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,SAAS,SAAS,YAAY;AAAA,IAChD;AACA,UAAM,UAAU,UAAU,UAAU;AAGpC,UAAM,SAA4C,CAAA;AAClD,eAAW,OAAO,SAAS;AACzB,YAAM,MAAM,QAAQ,GAAG;AACvB,UAAI,QAAQ,QAAW;AACrB,cAAM,IAAI;AAAA,UACR,uBAAuB,GAAG,+CAA+C,SAAS;AAAA,QAAA;AAAA,MAEtF;AACA,aAAO,GAAG,IAAI;AAAA,IAChB;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,WAAW,WAAmB;AAC5B,QAAI,SAAS,KAAK,QAAQ,IAAI,SAAS;AACvC,QAAI,QAAQ;AACV,aAAO;AAAA,IACT;AACA,UAAM,YAAY,KAAK,YAAY,IAAI,SAAS;AAChD,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,SAAS,SAAS,YAAY;AAAA,IAChD;AACA,UAAM,EAAC,SAAS,WAAA,IAAc,UAAU;AACxC,WAAO,WAAW,MAAM;AACxB,aAAS,IAAI;AAAA,MACX,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,MACL;AAAA,MACA,OAAO;AAAA,QACL,OAAO,QAAQ,OAAO,EAAE,IAAI,CAAC,CAAC,MAAM,EAAC,SAAA,CAAS,MAAM;AAAA,UAClD;AAAA,UACA,gCAAgC,QAAQ;AAAA,QAAA,CACzC;AAAA,MAAA;AAAA,MAEH,CAAC,WAAW,CAAC,GAAG,GAAG,WAAW,MAAM,CAAC,CAAC;AAAA,IAAA;AAExC,SAAK,QAAQ,IAAI,WAAW,MAAM;AAElC,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,YACJ,OACA,QACA,UACA,IACA;AACA,UAAM,QAAQ,YAAY,IAAA;AAC1B,QAAI;AACF,YAAM,MAAM,MAAM,KAAK,OAAO,OAAO,QAAQ,UAAU,EAAE;AACzD,aAAO;AAAA,IACT,UAAA;AACE,WAAK,IAAI;AAAA,QACP;AAAA,QACA;AAAA,QACA;AAAA,QACA,YAAY,QAAQ;AAAA,QACpB;AAAA,QACA,GAAG;AAAA,QACH;AAAA,QACA,GAAG;AAAA,MAAA;AAAA,IAEP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,OACJ,OACA,QACA,UACA,IACA;AACA,UAAM,QAAQ,KAAK,KAAK,kBAAkB,EAAE,aAAa,OACvD,GAAG,SACL;AACA,UAAM,cAAc,OAAO;AAC3B,QAAI,WAAW,YAAY,KAAK,SAAS,GAAG,SAAS;AAErD,UAAM,mBAAmB,KAAK,eAAe,GAAG,WAAW,GAAG,KAAK;AAEnE,eAAW,MAAM,kBAAkB;AACjC,iBAAW,SAAS,MAAM,IAAI,KAAK,iBAAiB,EAAE,CAAC;AAAA,IACzD;AAEA,QAAI;AACJ,YAAQ,QAAA;AAAA,MACN,KAAK;AACH,YAAI,UAAU,gBAAgB;AAC5B,gCAAsB,aAAa;AAAA,QACrC;AACA;AAAA,MACF,KAAK;AACH,YAAI,UAAU,eAAe;AAC3B,gCAAsB,aAAa,QAAQ;AAAA,QAC7C,WAAW,UAAU,gBAAgB;AACnC,gCAAsB,aAAa,QAAQ;AAAA,QAC7C;AACA;AAAA,MACF,KAAK;AACH,YAAI,UAAU,eAAe;AAC3B,gCAAsB,aAAa;AAAA,QACrC;AACA;AAAA,IAAA;AAGJ,UAAM,eAAe,OAAO;AAC5B,UAAM,yBAAmC,CAAA;AACzC,QAAI,cAAc;AAChB,iBAAW,CAAC,QAAQ,MAAM,KAAK,OAAO,QAAQ,YAAY,GAAG;AAC3D,YAAI,WAAW,YAAY,GAAG,MAAM,MAAM,MAAM,QAAW;AAGzD;AAAA,QACF;AACA,gBAAQ,QAAA;AAAA,UACN,KAAK;AACH,gBAAI,OAAO,UAAU,UAAU,gBAAgB;AAC7C,qCAAuB,KAAK,OAAO,MAAM;AAAA,YAC3C;AACA;AAAA,UACF,KAAK;AACH,gBAAI,UAAU,iBAAiB,OAAO,QAAQ,aAAa;AACzD,qCAAuB,KAAK,OAAO,OAAO,WAAW;AAAA,YACvD;AACA,gBAAI,UAAU,kBAAkB,OAAO,QAAQ,cAAc;AAC3D,qCAAuB,KAAK,OAAO,OAAO,YAAY;AAAA,YACxD;AACA;AAAA,UACF,KAAK;AACH,gBAAI,OAAO,UAAU,UAAU,eAAe;AAC5C,qCAAuB,KAAK,OAAO,MAAM;AAAA,YAC3C;AACA;AAAA,QAAA;AAAA,MAEN;AAAA,IACF;AAEA,QACE,CAAE,MAAM,KAAK;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IAAA,GAEF;AACA,WAAK,IAAI;AAAA,QACP,+BAA+B,KAAK;AAAA,UAClC;AAAA,QAAA,CACD,YAAY,MAAM,WAAW,KAAK,eAAe,KAAK;AAAA,UACrD;AAAA,QAAA,CACD,kBAAkB,KAAK;AAAA,UACtB;AAAA,QAAA,CACD,mBAAmB,KAAK,UAAU,sBAAsB,CAAC;AAAA,MAAA;AAE5D,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,mBAAmB,IAAoC;AACrD,UAAM,EAAC,UAAS;AAEhB,UAAM,mBAAmB,KAAK,eAAe,GAAG,WAAW,KAAK;AAEhE,UAAM,OAAO,KAAK,YAAY,IAAI,GAAG,SAAS;AAC9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,MAAM,SAAS,GAAG,SAAS,YAAY;AAAA,IACnD;AAEA,UAAM,aAAyB,CAAA;AAC/B,UAAM,SAA4B,CAAA;AAClC,eAAW,MAAM,kBAAkB;AACjC,iBAAW,KAAK,MAAM,IAAI,MAAM,EAAE,CAAC,IAAI;AACvC,aAAO,KAAKA,MAAQ,iBAAiB,EAAE,GAAG,qBAAqB,CAAC;AAAA,IAClE;AAEA,UAAM,MAAM,KAAK,iBAAiB;AAAA,MAChC;AAAA,QACE,aAAa,IAAI;AAAA,UACf,OAAO,KAAK,KAAK,OAAO,EAAE,IAAI,CAAA,MAAK,IAAI,MAAM,CAAC,CAAC;AAAA,UAC/C;AAAA,QAAA,CACD,SAAS,IAAI,MAAM,GAAG,SAAS,CAAC,UAAU,IAAI;AAAA,UAC7C;AAAA,UACA;AAAA,QAAA,CACD;AAAA,MAAA;AAAA,MAEH,GAAG;AAAA,IAAA;AAEL,QAAI,QAAQ,QAAW;AACrB,aAAO;AAAA,IACT;AACA,WAAO,gBAAgB,KAAK,SAAS,KAAK,GAAG,SAAS;AAAA,EACxD;AAAA,EAEA,uBAAuB,IAAyB;AAC9C,UAAM,MAAM,KAAK,mBAAmB,EAAE;AACtC;AAAA,MACE,QAAQ;AAAA,MACR,MAAM,kCAAkC,KAAK,UAAU,GAAG,KAAK,CAAC;AAAA,IAAA;AAElE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,mBACJ,qBACA,wBACA,UACA,UACA;AACA,QAAI,CAAE,MAAM,KAAK,cAAc,qBAAqB,UAAU,QAAQ,GAAI;AACxE,aAAO;AAAA,IACT;AAEA,eAAW,UAAU,wBAAwB;AAC3C,UAAI,CAAE,MAAM,KAAK,cAAc,QAAQ,UAAU,QAAQ,GAAI;AAC3D,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cACE,QACA,UACA,UACuB;AACvB,QAAI,WAAW,QAAW;AACxB,aAAO;AAAA,IACT;AACA,QAAI,OAAO,WAAW,GAAG;AACvB,aAAO;AAAA,IACT;AACA,QAAI,cAAc,cAAc,QAAQ,EAAE;AAC1C,kBAAc;AAAA,MACZ;AAAA,QACE,GAAG;AAAA,QACH,OAAO,YAAY,YAAY,OAAO,MAAM;AAAA,MAAA;AAAA,MAE9C;AAAA,QACE;AAAA,QACA,gBAAgB;AAAA,MAAA;AAAA,IAClB;AAOF,UAAM,QAAQ,cAAc,aAAa,KAAK,kBAAkB,UAAU;AAC1E,QAAI;AACF,YAAM,MAAM,MAAM,MAAM,EAAE;AAC1B,iBAAW,KAAK,KAAK;AAGnB,eAAO;AAAA,MACT;AAAA,IACF,UAAA;AACE,YAAM,QAAA;AAAA,IACR;AAGA,WAAO;AAAA,EACT;AACF;AAEA,SAAS,YAAY,OAA8B,QAAgB;AACjE,SAAO,OAAO,2CAA2C;AAEzD,SAAO,kBAAkB;AAAA,IACvB,MAAM;AAAA,IACN,YAAY;AAAA,MACV;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,YAAY,OAAO,IAAI,CAAC,CAAC,QAAQ,IAAI,MAAM;AACzC,iBAAO,MAAM;AACb,iBAAO;AAAA,QACT,CAAC;AAAA,MAAA;AAAA,IACH;AAAA,EACF,CACD;AACH;"}
|
|
1
|
+
{"version":3,"file":"write-authorizer.js","sources":["../../../../../zero-cache/src/auth/write-authorizer.ts"],"sourcesContent":["import type {SQLQuery} from '@databases/sql';\nimport type {MaybePromise} from '@opentelemetry/resources';\nimport type {LogContext} from '@rocicorp/logger';\nimport type {JWTPayload} from 'jose';\nimport {assert} from '../../../shared/src/asserts.ts';\nimport type {JSONValue, ReadonlyJSONValue} from '../../../shared/src/json.ts';\nimport {must} from '../../../shared/src/must.ts';\nimport * as v from '../../../shared/src/valita.ts';\nimport type {Condition} from '../../../zero-protocol/src/ast.ts';\nimport {\n primaryKeyValueSchema,\n type PrimaryKeyValue,\n} from '../../../zero-protocol/src/primary-key.ts';\nimport type {\n CRUDOp,\n DeleteOp,\n InsertOp,\n UpdateOp,\n UpsertOp,\n} from '../../../zero-protocol/src/push.ts';\nimport type {Policy} from '../../../zero-schema/src/compiled-permissions.ts';\nimport type {Schema} from '../../../zero-types/src/schema.ts';\nimport type {BuilderDelegate} from '../../../zql/src/builder/builder.ts';\nimport {\n bindStaticParameters,\n buildPipeline,\n} from '../../../zql/src/builder/builder.ts';\nimport {simplifyCondition} from '../../../zql/src/query/expression.ts';\nimport type {Query} from '../../../zql/src/query/query.ts';\nimport {\n asStaticQuery,\n staticQuery,\n} from '../../../zql/src/query/static-query.ts';\nimport type {\n DatabaseStorage,\n ClientGroupStorage,\n} from '../../../zqlite/src/database-storage.ts';\nimport type {Database} from '../../../zqlite/src/db.ts';\nimport {compile, sql} from '../../../zqlite/src/internal/sql.ts';\nimport {\n fromSQLiteTypes,\n TableSource,\n} from '../../../zqlite/src/table-source.ts';\nimport type {LogConfig, ZeroConfig} from '../config/zero-config.ts';\nimport {computeZqlSpecs} from '../db/lite-tables.ts';\nimport type {LiteAndZqlSpec} from '../db/specs.ts';\nimport {StatementRunner} from '../db/statements.ts';\nimport {mapLiteDataTypeToZqlSchemaValue} from '../types/lite.ts';\nimport {\n getSchema,\n reloadPermissionsIfChanged,\n type LoadedPermissions,\n} from './load-permissions.ts';\n\ntype Phase = 'preMutation' | 'postMutation';\n\nexport interface WriteAuthorizer {\n canPreMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ): Promise<boolean>;\n canPostMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ): Promise<boolean>;\n reloadPermissions(): void;\n normalizeOps(ops: CRUDOp[]): Exclude<CRUDOp, UpsertOp>[];\n}\n\nexport class WriteAuthorizerImpl implements WriteAuthorizer {\n readonly #schema: Schema;\n readonly #replica: Database;\n readonly #builderDelegate: BuilderDelegate;\n readonly #tableSpecs: Map<string, LiteAndZqlSpec>;\n readonly #tables = new Map<string, TableSource>();\n readonly #statementRunner: StatementRunner;\n readonly #lc: LogContext;\n readonly #appID: string;\n readonly #logConfig: LogConfig;\n readonly #cgStorage: ClientGroupStorage;\n\n #loadedPermissions: LoadedPermissions | null = null;\n\n constructor(\n lc: LogContext,\n config: ZeroConfig,\n replica: Database,\n appID: string,\n cgID: string,\n writeAuthzStorage: DatabaseStorage,\n ) {\n this.#appID = appID;\n this.#lc = lc.withContext('class', 'WriteAuthorizerImpl');\n this.#logConfig = config.log;\n this.#schema = getSchema(this.#lc, replica);\n this.#replica = replica;\n this.#cgStorage = writeAuthzStorage.createClientGroupStorage(cgID);\n this.#builderDelegate = {\n getSource: name => this.#getSource(name),\n createStorage: () => this.#cgStorage.createStorage(),\n decorateSourceInput: input => input,\n decorateInput: input => input,\n addEdge() {},\n decorateFilterInput: input => input,\n };\n this.#tableSpecs = computeZqlSpecs(this.#lc, replica);\n this.#statementRunner = new StatementRunner(replica);\n this.reloadPermissions();\n }\n\n reloadPermissions() {\n this.#loadedPermissions = reloadPermissionsIfChanged(\n this.#lc,\n this.#statementRunner,\n this.#appID,\n this.#loadedPermissions,\n ).permissions;\n }\n\n destroy() {\n this.#cgStorage.destroy();\n }\n\n async canPreMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ) {\n for (const op of ops) {\n switch (op.op) {\n case 'insert':\n // insert does not run pre-mutation checks\n break;\n case 'update':\n if (!(await this.#canUpdate('preMutation', authData, op))) {\n return false;\n }\n break;\n case 'delete':\n if (!(await this.#canDelete('preMutation', authData, op))) {\n return false;\n }\n break;\n }\n }\n return true;\n }\n\n async canPostMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ) {\n this.#statementRunner.beginConcurrent();\n try {\n for (const op of ops) {\n const source = this.#getSource(op.tableName);\n switch (op.op) {\n case 'insert': {\n source.push({\n type: 'add',\n row: op.value,\n });\n break;\n }\n // TODO(mlaw): what if someone updates the same thing twice?\n // TODO(aa): It seems like it will just work? source.push()\n // is going to push the row into the table source, and then the\n // next requirePreMutationRow will just return the row that was\n // pushed in.\n case 'update': {\n source.push({\n type: 'edit',\n oldRow: this.#requirePreMutationRow(op),\n row: op.value,\n });\n break;\n }\n case 'delete': {\n source.push({\n type: 'remove',\n row: this.#requirePreMutationRow(op),\n });\n break;\n }\n }\n }\n\n for (const op of ops) {\n switch (op.op) {\n case 'insert':\n if (!(await this.#canInsert('postMutation', authData, op))) {\n return false;\n }\n break;\n case 'update':\n if (!(await this.#canUpdate('postMutation', authData, op))) {\n return false;\n }\n break;\n case 'delete':\n // delete does not run post-mutation checks.\n break;\n }\n }\n } finally {\n this.#statementRunner.rollback();\n }\n\n return true;\n }\n\n normalizeOps(ops: CRUDOp[]): Exclude<CRUDOp, UpsertOp>[] {\n return ops.map(op => {\n if (op.op === 'upsert') {\n const preMutationRow = this.#getPreMutationRow(op);\n if (preMutationRow) {\n return {\n op: 'update',\n tableName: op.tableName,\n primaryKey: op.primaryKey,\n value: op.value,\n };\n }\n return {\n op: 'insert',\n tableName: op.tableName,\n primaryKey: op.primaryKey,\n value: op.value,\n };\n }\n return op;\n });\n }\n\n #canInsert(phase: Phase, authData: JWTPayload | undefined, op: InsertOp) {\n return this.#timedCanDo(phase, 'insert', authData, op);\n }\n\n #canUpdate(phase: Phase, authData: JWTPayload | undefined, op: UpdateOp) {\n return this.#timedCanDo(phase, 'update', authData, op);\n }\n\n #canDelete(phase: Phase, authData: JWTPayload | undefined, op: DeleteOp) {\n return this.#timedCanDo(phase, 'delete', authData, op);\n }\n\n /**\n * Gets schema-defined primary key and validates that operation contains required PK values.\n *\n * @returns Record where keys are column names and values are client-provided values\n * @throws Error if operation value is missing required primary key columns\n */\n #getPrimaryKey(\n tableName: string,\n opValue: Record<string, ReadonlyJSONValue | undefined>,\n ): Record<string, ReadonlyJSONValue> {\n const tableSpec = this.#tableSpecs.get(tableName);\n if (!tableSpec) {\n throw new Error(`Table ${tableName} not found`);\n }\n const columns = tableSpec.tableSpec.primaryKey;\n\n // Extract primary key values from operation value and validate they exist\n const values: Record<string, ReadonlyJSONValue> = {};\n for (const col of columns) {\n const val = opValue[col];\n if (val === undefined) {\n throw new Error(\n `Primary key column '${col}' is missing from operation value for table ${tableName}`,\n );\n }\n values[col] = val;\n }\n\n return values;\n }\n\n #getSource(tableName: string) {\n let source = this.#tables.get(tableName);\n if (source) {\n return source;\n }\n const tableSpec = this.#tableSpecs.get(tableName);\n if (!tableSpec) {\n throw new Error(`Table ${tableName} not found`);\n }\n const {columns, primaryKey} = tableSpec.tableSpec;\n assert(primaryKey.length);\n source = new TableSource(\n this.#lc,\n this.#logConfig,\n this.#replica,\n tableName,\n Object.fromEntries(\n Object.entries(columns).map(([name, {dataType}]) => [\n name,\n mapLiteDataTypeToZqlSchemaValue(dataType),\n ]),\n ),\n [primaryKey[0], ...primaryKey.slice(1)],\n );\n this.#tables.set(tableName, source);\n\n return source;\n }\n\n async #timedCanDo<A extends keyof ActionOpMap>(\n phase: Phase,\n action: A,\n authData: JWTPayload | undefined,\n op: ActionOpMap[A],\n ) {\n const start = performance.now();\n try {\n const ret = await this.#canDo(phase, action, authData, op);\n return ret;\n } finally {\n this.#lc.info?.(\n 'action:',\n action,\n 'duration:',\n performance.now() - start,\n 'tableName:',\n op.tableName,\n 'primaryKey:',\n op.primaryKey,\n );\n }\n }\n\n /**\n * Evaluation order is from static to dynamic, broad to specific.\n * table -> column -> row -> cell.\n *\n * If any step fails, the entire operation is denied.\n *\n * That is, table rules supersede column rules, which supersede row rules,\n *\n * All steps must allow for the operation to be allowed.\n */\n async #canDo<A extends keyof ActionOpMap>(\n phase: Phase,\n action: A,\n authData: JWTPayload | undefined,\n op: ActionOpMap[A],\n ) {\n const rules = must(this.#loadedPermissions).permissions?.tables[\n op.tableName\n ];\n const rowPolicies = rules?.row;\n let rowQuery = staticQuery(this.#schema, op.tableName);\n\n const primaryKeyValues = this.#getPrimaryKey(op.tableName, op.value);\n\n for (const pk in primaryKeyValues) {\n rowQuery = rowQuery.where(pk, '=', primaryKeyValues[pk]);\n }\n\n let applicableRowPolicy: Policy | undefined;\n switch (action) {\n case 'insert':\n if (phase === 'postMutation') {\n applicableRowPolicy = rowPolicies?.insert;\n }\n break;\n case 'update':\n if (phase === 'preMutation') {\n applicableRowPolicy = rowPolicies?.update?.preMutation;\n } else if (phase === 'postMutation') {\n applicableRowPolicy = rowPolicies?.update?.postMutation;\n }\n break;\n case 'delete':\n if (phase === 'preMutation') {\n applicableRowPolicy = rowPolicies?.delete;\n }\n break;\n }\n\n const cellPolicies = rules?.cell;\n const applicableCellPolicies: Policy[] = [];\n if (cellPolicies) {\n for (const [column, policy] of Object.entries(cellPolicies)) {\n if (action === 'update' && op.value[column] === undefined) {\n // If the cell is not being updated, we do not need to check\n // the cell rules.\n continue;\n }\n switch (action) {\n case 'insert':\n if (policy.insert && phase === 'postMutation') {\n applicableCellPolicies.push(policy.insert);\n }\n break;\n case 'update':\n if (phase === 'preMutation' && policy.update?.preMutation) {\n applicableCellPolicies.push(policy.update.preMutation);\n }\n if (phase === 'postMutation' && policy.update?.postMutation) {\n applicableCellPolicies.push(policy.update.postMutation);\n }\n break;\n case 'delete':\n if (policy.delete && phase === 'preMutation') {\n applicableCellPolicies.push(policy.delete);\n }\n break;\n }\n }\n }\n\n if (\n !(await this.#passesPolicyGroup(\n applicableRowPolicy,\n applicableCellPolicies,\n authData,\n rowQuery,\n ))\n ) {\n this.#lc.warn?.(\n `Permission check failed for ${JSON.stringify(\n op,\n )}, action ${action}, phase ${phase}, authData: ${JSON.stringify(\n authData,\n )}, rowPolicies: ${JSON.stringify(\n applicableRowPolicy,\n )}, cellPolicies: ${JSON.stringify(applicableCellPolicies)}`,\n );\n return false;\n }\n\n return true;\n }\n\n #getPreMutationRow(op: UpsertOp | UpdateOp | DeleteOp) {\n const {value} = op;\n\n const primaryKeyValues = this.#getPrimaryKey(op.tableName, value);\n\n const spec = this.#tableSpecs.get(op.tableName);\n if (!spec) {\n throw new Error(`Table ${op.tableName} not found`);\n }\n\n const conditions: SQLQuery[] = [];\n const values: PrimaryKeyValue[] = [];\n for (const pk in primaryKeyValues) {\n conditions.push(sql`${sql.ident(pk)}=?`);\n values.push(v.parse(primaryKeyValues[pk], primaryKeyValueSchema));\n }\n\n const ret = this.#statementRunner.get(\n compile(\n sql`SELECT ${sql.join(\n Object.keys(spec.zqlSpec).map(c => sql.ident(c)),\n sql`,`,\n )} FROM ${sql.ident(op.tableName)} WHERE ${sql.join(\n conditions,\n sql` AND `,\n )}`,\n ),\n ...values,\n );\n if (ret === undefined) {\n return ret;\n }\n return fromSQLiteTypes(spec.zqlSpec, ret, op.tableName);\n }\n\n #requirePreMutationRow(op: UpdateOp | DeleteOp) {\n const ret = this.#getPreMutationRow(op);\n assert(\n ret !== undefined,\n () => `Pre-mutation row not found for ${JSON.stringify(op.value)}`,\n );\n return ret;\n }\n\n async #passesPolicyGroup(\n applicableRowPolicy: Policy | undefined,\n applicableCellPolicies: Policy[],\n authData: JWTPayload | undefined,\n rowQuery: Query<Schema, string>,\n ) {\n if (!(await this.#passesPolicy(applicableRowPolicy, authData, rowQuery))) {\n return false;\n }\n\n for (const policy of applicableCellPolicies) {\n if (!(await this.#passesPolicy(policy, authData, rowQuery))) {\n return false;\n }\n }\n\n return true;\n }\n\n /**\n * Defaults to *false* if the policy is empty. At least one rule has to pass\n * for the policy to pass.\n */\n #passesPolicy(\n policy: Policy | undefined,\n authData: JWTPayload | undefined,\n rowQuery: Query<Schema, string>,\n ): MaybePromise<boolean> {\n if (policy === undefined) {\n return false;\n }\n if (policy.length === 0) {\n return false;\n }\n let rowQueryAst = asStaticQuery(rowQuery).ast;\n rowQueryAst = bindStaticParameters(\n {\n ...rowQueryAst,\n where: updateWhere(rowQueryAst.where, policy),\n },\n {\n authData: authData as Record<string, JSONValue>,\n preMutationRow: undefined,\n },\n );\n\n // call the compiler directly\n // run the sql against upstream.\n // remove the collecting into json? just need to know if a row comes back.\n\n const input = buildPipeline(rowQueryAst, this.#builderDelegate, 'query-id');\n try {\n const res = input.fetch({});\n for (const _ of res) {\n // if any row is returned at all, the\n // rule passes.\n return true;\n }\n } finally {\n input.destroy();\n }\n\n // no rows returned by any rules? The policy fails.\n return false;\n }\n}\n\nfunction updateWhere(where: Condition | undefined, policy: Policy) {\n assert(where, 'A where condition must exist for RowQuery');\n\n return simplifyCondition({\n type: 'and',\n conditions: [\n where,\n {\n type: 'or',\n conditions: policy.map(([action, rule]) => {\n assert(action);\n return rule;\n }),\n },\n ],\n });\n}\n\ntype ActionOpMap = {\n insert: InsertOp;\n update: UpdateOp;\n delete: DeleteOp;\n};\n"],"names":["v.parse"],"mappings":";;;;;;;;;;;;;AAqEO,MAAM,oBAA+C;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,8BAAc,IAAA;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAET,qBAA+C;AAAA,EAE/C,YACE,IACA,QACA,SACA,OACA,MACA,mBACA;AACA,SAAK,SAAS;AACd,SAAK,MAAM,GAAG,YAAY,SAAS,qBAAqB;AACxD,SAAK,aAAa,OAAO;AACzB,SAAK,UAAU,UAAU,KAAK,KAAK,OAAO;AAC1C,SAAK,WAAW;AAChB,SAAK,aAAa,kBAAkB,yBAAyB,IAAI;AACjE,SAAK,mBAAmB;AAAA,MACtB,WAAW,CAAA,SAAQ,KAAK,WAAW,IAAI;AAAA,MACvC,eAAe,MAAM,KAAK,WAAW,cAAA;AAAA,MACrC,qBAAqB,CAAA,UAAS;AAAA,MAC9B,eAAe,CAAA,UAAS;AAAA,MACxB,UAAU;AAAA,MAAC;AAAA,MACX,qBAAqB,CAAA,UAAS;AAAA,IAAA;AAEhC,SAAK,cAAc,gBAAgB,KAAK,KAAK,OAAO;AACpD,SAAK,mBAAmB,IAAI,gBAAgB,OAAO;AACnD,SAAK,kBAAA;AAAA,EACP;AAAA,EAEA,oBAAoB;AAClB,SAAK,qBAAqB;AAAA,MACxB,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,IAAA,EACL;AAAA,EACJ;AAAA,EAEA,UAAU;AACR,SAAK,WAAW,QAAA;AAAA,EAClB;AAAA,EAEA,MAAM,eACJ,UACA,KACA;AACA,eAAW,MAAM,KAAK;AACpB,cAAQ,GAAG,IAAA;AAAA,QACT,KAAK;AAEH;AAAA,QACF,KAAK;AACH,cAAI,CAAE,MAAM,KAAK,WAAW,eAAe,UAAU,EAAE,GAAI;AACzD,mBAAO;AAAA,UACT;AACA;AAAA,QACF,KAAK;AACH,cAAI,CAAE,MAAM,KAAK,WAAW,eAAe,UAAU,EAAE,GAAI;AACzD,mBAAO;AAAA,UACT;AACA;AAAA,MAAA;AAAA,IAEN;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,gBACJ,UACA,KACA;AACA,SAAK,iBAAiB,gBAAA;AACtB,QAAI;AACF,iBAAW,MAAM,KAAK;AACpB,cAAM,SAAS,KAAK,WAAW,GAAG,SAAS;AAC3C,gBAAQ,GAAG,IAAA;AAAA,UACT,KAAK,UAAU;AACb,mBAAO,KAAK;AAAA,cACV,MAAM;AAAA,cACN,KAAK,GAAG;AAAA,YAAA,CACT;AACD;AAAA,UACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,UAMA,KAAK,UAAU;AACb,mBAAO,KAAK;AAAA,cACV,MAAM;AAAA,cACN,QAAQ,KAAK,uBAAuB,EAAE;AAAA,cACtC,KAAK,GAAG;AAAA,YAAA,CACT;AACD;AAAA,UACF;AAAA,UACA,KAAK,UAAU;AACb,mBAAO,KAAK;AAAA,cACV,MAAM;AAAA,cACN,KAAK,KAAK,uBAAuB,EAAE;AAAA,YAAA,CACpC;AACD;AAAA,UACF;AAAA,QAAA;AAAA,MAEJ;AAEA,iBAAW,MAAM,KAAK;AACpB,gBAAQ,GAAG,IAAA;AAAA,UACT,KAAK;AACH,gBAAI,CAAE,MAAM,KAAK,WAAW,gBAAgB,UAAU,EAAE,GAAI;AAC1D,qBAAO;AAAA,YACT;AACA;AAAA,UACF,KAAK;AACH,gBAAI,CAAE,MAAM,KAAK,WAAW,gBAAgB,UAAU,EAAE,GAAI;AAC1D,qBAAO;AAAA,YACT;AACA;AAAA,UACF,KAAK;AAEH;AAAA,QAAA;AAAA,MAEN;AAAA,IACF,UAAA;AACE,WAAK,iBAAiB,SAAA;AAAA,IACxB;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,aAAa,KAA4C;AACvD,WAAO,IAAI,IAAI,CAAA,OAAM;AACnB,UAAI,GAAG,OAAO,UAAU;AACtB,cAAM,iBAAiB,KAAK,mBAAmB,EAAE;AACjD,YAAI,gBAAgB;AAClB,iBAAO;AAAA,YACL,IAAI;AAAA,YACJ,WAAW,GAAG;AAAA,YACd,YAAY,GAAG;AAAA,YACf,OAAO,GAAG;AAAA,UAAA;AAAA,QAEd;AACA,eAAO;AAAA,UACL,IAAI;AAAA,UACJ,WAAW,GAAG;AAAA,UACd,YAAY,GAAG;AAAA,UACf,OAAO,GAAG;AAAA,QAAA;AAAA,MAEd;AACA,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAAA,EAEA,WAAW,OAAc,UAAkC,IAAc;AACvE,WAAO,KAAK,YAAY,OAAO,UAAU,UAAU,EAAE;AAAA,EACvD;AAAA,EAEA,WAAW,OAAc,UAAkC,IAAc;AACvE,WAAO,KAAK,YAAY,OAAO,UAAU,UAAU,EAAE;AAAA,EACvD;AAAA,EAEA,WAAW,OAAc,UAAkC,IAAc;AACvE,WAAO,KAAK,YAAY,OAAO,UAAU,UAAU,EAAE;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,eACE,WACA,SACmC;AACnC,UAAM,YAAY,KAAK,YAAY,IAAI,SAAS;AAChD,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,SAAS,SAAS,YAAY;AAAA,IAChD;AACA,UAAM,UAAU,UAAU,UAAU;AAGpC,UAAM,SAA4C,CAAA;AAClD,eAAW,OAAO,SAAS;AACzB,YAAM,MAAM,QAAQ,GAAG;AACvB,UAAI,QAAQ,QAAW;AACrB,cAAM,IAAI;AAAA,UACR,uBAAuB,GAAG,+CAA+C,SAAS;AAAA,QAAA;AAAA,MAEtF;AACA,aAAO,GAAG,IAAI;AAAA,IAChB;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,WAAW,WAAmB;AAC5B,QAAI,SAAS,KAAK,QAAQ,IAAI,SAAS;AACvC,QAAI,QAAQ;AACV,aAAO;AAAA,IACT;AACA,UAAM,YAAY,KAAK,YAAY,IAAI,SAAS;AAChD,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,SAAS,SAAS,YAAY;AAAA,IAChD;AACA,UAAM,EAAC,SAAS,WAAA,IAAc,UAAU;AACxC,WAAO,WAAW,MAAM;AACxB,aAAS,IAAI;AAAA,MACX,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,MACL;AAAA,MACA,OAAO;AAAA,QACL,OAAO,QAAQ,OAAO,EAAE,IAAI,CAAC,CAAC,MAAM,EAAC,SAAA,CAAS,MAAM;AAAA,UAClD;AAAA,UACA,gCAAgC,QAAQ;AAAA,QAAA,CACzC;AAAA,MAAA;AAAA,MAEH,CAAC,WAAW,CAAC,GAAG,GAAG,WAAW,MAAM,CAAC,CAAC;AAAA,IAAA;AAExC,SAAK,QAAQ,IAAI,WAAW,MAAM;AAElC,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,YACJ,OACA,QACA,UACA,IACA;AACA,UAAM,QAAQ,YAAY,IAAA;AAC1B,QAAI;AACF,YAAM,MAAM,MAAM,KAAK,OAAO,OAAO,QAAQ,UAAU,EAAE;AACzD,aAAO;AAAA,IACT,UAAA;AACE,WAAK,IAAI;AAAA,QACP;AAAA,QACA;AAAA,QACA;AAAA,QACA,YAAY,QAAQ;AAAA,QACpB;AAAA,QACA,GAAG;AAAA,QACH;AAAA,QACA,GAAG;AAAA,MAAA;AAAA,IAEP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,OACJ,OACA,QACA,UACA,IACA;AACA,UAAM,QAAQ,KAAK,KAAK,kBAAkB,EAAE,aAAa,OACvD,GAAG,SACL;AACA,UAAM,cAAc,OAAO;AAC3B,QAAI,WAAW,YAAY,KAAK,SAAS,GAAG,SAAS;AAErD,UAAM,mBAAmB,KAAK,eAAe,GAAG,WAAW,GAAG,KAAK;AAEnE,eAAW,MAAM,kBAAkB;AACjC,iBAAW,SAAS,MAAM,IAAI,KAAK,iBAAiB,EAAE,CAAC;AAAA,IACzD;AAEA,QAAI;AACJ,YAAQ,QAAA;AAAA,MACN,KAAK;AACH,YAAI,UAAU,gBAAgB;AAC5B,gCAAsB,aAAa;AAAA,QACrC;AACA;AAAA,MACF,KAAK;AACH,YAAI,UAAU,eAAe;AAC3B,gCAAsB,aAAa,QAAQ;AAAA,QAC7C,WAAW,UAAU,gBAAgB;AACnC,gCAAsB,aAAa,QAAQ;AAAA,QAC7C;AACA;AAAA,MACF,KAAK;AACH,YAAI,UAAU,eAAe;AAC3B,gCAAsB,aAAa;AAAA,QACrC;AACA;AAAA,IAAA;AAGJ,UAAM,eAAe,OAAO;AAC5B,UAAM,yBAAmC,CAAA;AACzC,QAAI,cAAc;AAChB,iBAAW,CAAC,QAAQ,MAAM,KAAK,OAAO,QAAQ,YAAY,GAAG;AAC3D,YAAI,WAAW,YAAY,GAAG,MAAM,MAAM,MAAM,QAAW;AAGzD;AAAA,QACF;AACA,gBAAQ,QAAA;AAAA,UACN,KAAK;AACH,gBAAI,OAAO,UAAU,UAAU,gBAAgB;AAC7C,qCAAuB,KAAK,OAAO,MAAM;AAAA,YAC3C;AACA;AAAA,UACF,KAAK;AACH,gBAAI,UAAU,iBAAiB,OAAO,QAAQ,aAAa;AACzD,qCAAuB,KAAK,OAAO,OAAO,WAAW;AAAA,YACvD;AACA,gBAAI,UAAU,kBAAkB,OAAO,QAAQ,cAAc;AAC3D,qCAAuB,KAAK,OAAO,OAAO,YAAY;AAAA,YACxD;AACA;AAAA,UACF,KAAK;AACH,gBAAI,OAAO,UAAU,UAAU,eAAe;AAC5C,qCAAuB,KAAK,OAAO,MAAM;AAAA,YAC3C;AACA;AAAA,QAAA;AAAA,MAEN;AAAA,IACF;AAEA,QACE,CAAE,MAAM,KAAK;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IAAA,GAEF;AACA,WAAK,IAAI;AAAA,QACP,+BAA+B,KAAK;AAAA,UAClC;AAAA,QAAA,CACD,YAAY,MAAM,WAAW,KAAK,eAAe,KAAK;AAAA,UACrD;AAAA,QAAA,CACD,kBAAkB,KAAK;AAAA,UACtB;AAAA,QAAA,CACD,mBAAmB,KAAK,UAAU,sBAAsB,CAAC;AAAA,MAAA;AAE5D,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,mBAAmB,IAAoC;AACrD,UAAM,EAAC,UAAS;AAEhB,UAAM,mBAAmB,KAAK,eAAe,GAAG,WAAW,KAAK;AAEhE,UAAM,OAAO,KAAK,YAAY,IAAI,GAAG,SAAS;AAC9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,MAAM,SAAS,GAAG,SAAS,YAAY;AAAA,IACnD;AAEA,UAAM,aAAyB,CAAA;AAC/B,UAAM,SAA4B,CAAA;AAClC,eAAW,MAAM,kBAAkB;AACjC,iBAAW,KAAK,MAAM,IAAI,MAAM,EAAE,CAAC,IAAI;AACvC,aAAO,KAAKA,MAAQ,iBAAiB,EAAE,GAAG,qBAAqB,CAAC;AAAA,IAClE;AAEA,UAAM,MAAM,KAAK,iBAAiB;AAAA,MAChC;AAAA,QACE,aAAa,IAAI;AAAA,UACf,OAAO,KAAK,KAAK,OAAO,EAAE,IAAI,CAAA,MAAK,IAAI,MAAM,CAAC,CAAC;AAAA,UAC/C;AAAA,QAAA,CACD,SAAS,IAAI,MAAM,GAAG,SAAS,CAAC,UAAU,IAAI;AAAA,UAC7C;AAAA,UACA;AAAA,QAAA,CACD;AAAA,MAAA;AAAA,MAEH,GAAG;AAAA,IAAA;AAEL,QAAI,QAAQ,QAAW;AACrB,aAAO;AAAA,IACT;AACA,WAAO,gBAAgB,KAAK,SAAS,KAAK,GAAG,SAAS;AAAA,EACxD;AAAA,EAEA,uBAAuB,IAAyB;AAC9C,UAAM,MAAM,KAAK,mBAAmB,EAAE;AACtC;AAAA,MACE,QAAQ;AAAA,MACR,MAAM,kCAAkC,KAAK,UAAU,GAAG,KAAK,CAAC;AAAA,IAAA;AAElE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,mBACJ,qBACA,wBACA,UACA,UACA;AACA,QAAI,CAAE,MAAM,KAAK,cAAc,qBAAqB,UAAU,QAAQ,GAAI;AACxE,aAAO;AAAA,IACT;AAEA,eAAW,UAAU,wBAAwB;AAC3C,UAAI,CAAE,MAAM,KAAK,cAAc,QAAQ,UAAU,QAAQ,GAAI;AAC3D,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cACE,QACA,UACA,UACuB;AACvB,QAAI,WAAW,QAAW;AACxB,aAAO;AAAA,IACT;AACA,QAAI,OAAO,WAAW,GAAG;AACvB,aAAO;AAAA,IACT;AACA,QAAI,cAAc,cAAc,QAAQ,EAAE;AAC1C,kBAAc;AAAA,MACZ;AAAA,QACE,GAAG;AAAA,QACH,OAAO,YAAY,YAAY,OAAO,MAAM;AAAA,MAAA;AAAA,MAE9C;AAAA,QACE;AAAA,QACA,gBAAgB;AAAA,MAAA;AAAA,IAClB;AAOF,UAAM,QAAQ,cAAc,aAAa,KAAK,kBAAkB,UAAU;AAC1E,QAAI;AACF,YAAM,MAAM,MAAM,MAAM,EAAE;AAC1B,iBAAW,KAAK,KAAK;AAGnB,eAAO;AAAA,MACT;AAAA,IACF,UAAA;AACE,YAAM,QAAA;AAAA,IACR;AAGA,WAAO;AAAA,EACT;AACF;AAEA,SAAS,YAAY,OAA8B,QAAgB;AACjE,SAAO,OAAO,2CAA2C;AAEzD,SAAO,kBAAkB;AAAA,IACvB,MAAM;AAAA,IACN,YAAY;AAAA,MACV;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,YAAY,OAAO,IAAI,CAAC,CAAC,QAAQ,IAAI,MAAM;AACzC,iBAAO,MAAM;AACb,iBAAO;AAAA,QACT,CAAC;AAAA,MAAA;AAAA,IACH;AAAA,EACF,CACD;AACH;"}
|