@rocicorp/zero 0.25.0-canary.9 → 0.25.1

Files changed (517)
  1. package/out/analyze-query/src/bin-analyze.js.map +1 -1
  2. package/out/analyze-query/src/run-ast.d.ts +1 -1
  3. package/out/analyze-query/src/run-ast.d.ts.map +1 -1
  4. package/out/analyze-query/src/run-ast.js +10 -8
  5. package/out/analyze-query/src/run-ast.js.map +1 -1
  6. package/out/otel/src/log-options.d.ts +1 -1
  7. package/out/otel/src/log-options.d.ts.map +1 -1
  8. package/out/otel/src/log-options.js +0 -1
  9. package/out/otel/src/log-options.js.map +1 -1
  10. package/out/replicache/src/persist/idb-databases-store.d.ts +1 -0
  11. package/out/replicache/src/persist/idb-databases-store.d.ts.map +1 -1
  12. package/out/replicache/src/persist/idb-databases-store.js +13 -2
  13. package/out/replicache/src/persist/idb-databases-store.js.map +1 -1
  14. package/out/shared/src/deep-merge.d.ts +6 -4
  15. package/out/shared/src/deep-merge.d.ts.map +1 -1
  16. package/out/shared/src/deep-merge.js +2 -1
  17. package/out/shared/src/deep-merge.js.map +1 -1
  18. package/out/shared/src/iterables.d.ts +0 -1
  19. package/out/shared/src/iterables.d.ts.map +1 -1
  20. package/out/shared/src/iterables.js +0 -34
  21. package/out/shared/src/iterables.js.map +1 -1
  22. package/out/shared/src/options-types.d.ts +113 -0
  23. package/out/shared/src/options-types.d.ts.map +1 -0
  24. package/out/shared/src/options.d.ts +2 -111
  25. package/out/shared/src/options.d.ts.map +1 -1
  26. package/out/shared/src/options.js.map +1 -1
  27. package/out/shared/src/record-proxy.d.ts +13 -0
  28. package/out/shared/src/record-proxy.d.ts.map +1 -0
  29. package/out/shared/src/record-proxy.js +59 -0
  30. package/out/shared/src/record-proxy.js.map +1 -0
  31. package/out/z2s/src/compiler.d.ts.map +1 -1
  32. package/out/z2s/src/compiler.js +4 -2
  33. package/out/z2s/src/compiler.js.map +1 -1
  34. package/out/zero/package.json.js +1 -1
  35. package/out/zero/src/adapters/drizzle.d.ts +1 -1
  36. package/out/zero/src/adapters/drizzle.d.ts.map +1 -1
  37. package/out/zero/src/adapters/drizzle.js +4 -1
  38. package/out/zero/src/bindings.d.ts +2 -0
  39. package/out/zero/src/bindings.d.ts.map +1 -0
  40. package/out/zero/src/bindings.js +27 -0
  41. package/out/zero/src/bindings.js.map +1 -0
  42. package/out/zero/src/pg.js +7 -5
  43. package/out/zero/src/react.js +2 -4
  44. package/out/zero/src/react.js.map +1 -1
  45. package/out/zero/src/server.js +7 -5
  46. package/out/zero/src/solid.js +2 -2
  47. package/out/zero/src/zero-cache-dev.js +11 -5
  48. package/out/zero/src/zero-cache-dev.js.map +1 -1
  49. package/out/zero/src/zero.js +6 -6
  50. package/out/zero-cache/src/auth/read-authorizer.d.ts +1 -1
  51. package/out/zero-cache/src/auth/read-authorizer.d.ts.map +1 -1
  52. package/out/zero-cache/src/auth/read-authorizer.js +1 -1
  53. package/out/zero-cache/src/auth/read-authorizer.js.map +1 -1
  54. package/out/zero-cache/src/auth/write-authorizer.d.ts.map +1 -1
  55. package/out/zero-cache/src/auth/write-authorizer.js +25 -17
  56. package/out/zero-cache/src/auth/write-authorizer.js.map +1 -1
  57. package/out/zero-cache/src/config/zero-config.d.ts +40 -4
  58. package/out/zero-cache/src/config/zero-config.d.ts.map +1 -1
  59. package/out/zero-cache/src/config/zero-config.js +58 -19
  60. package/out/zero-cache/src/config/zero-config.js.map +1 -1
  61. package/out/zero-cache/src/db/transaction-pool.d.ts.map +1 -1
  62. package/out/zero-cache/src/db/transaction-pool.js +3 -6
  63. package/out/zero-cache/src/db/transaction-pool.js.map +1 -1
  64. package/out/zero-cache/src/scripts/deploy-permissions.js +6 -3
  65. package/out/zero-cache/src/scripts/deploy-permissions.js.map +1 -1
  66. package/out/zero-cache/src/scripts/permissions.d.ts.map +1 -1
  67. package/out/zero-cache/src/scripts/permissions.js +11 -13
  68. package/out/zero-cache/src/scripts/permissions.js.map +1 -1
  69. package/out/zero-cache/src/server/anonymous-otel-start.d.ts +10 -1
  70. package/out/zero-cache/src/server/anonymous-otel-start.d.ts.map +1 -1
  71. package/out/zero-cache/src/server/anonymous-otel-start.js +34 -18
  72. package/out/zero-cache/src/server/anonymous-otel-start.js.map +1 -1
  73. package/out/zero-cache/src/server/change-streamer.d.ts.map +1 -1
  74. package/out/zero-cache/src/server/change-streamer.js +2 -8
  75. package/out/zero-cache/src/server/change-streamer.js.map +1 -1
  76. package/out/zero-cache/src/server/otel-diag-logger.d.ts.map +1 -1
  77. package/out/zero-cache/src/server/otel-diag-logger.js +1 -21
  78. package/out/zero-cache/src/server/otel-diag-logger.js.map +1 -1
  79. package/out/zero-cache/src/server/otel-start.d.ts.map +1 -1
  80. package/out/zero-cache/src/server/otel-start.js +1 -5
  81. package/out/zero-cache/src/server/otel-start.js.map +1 -1
  82. package/out/zero-cache/src/server/syncer.d.ts.map +1 -1
  83. package/out/zero-cache/src/server/syncer.js +7 -1
  84. package/out/zero-cache/src/server/syncer.js.map +1 -1
  85. package/out/zero-cache/src/services/analyze.d.ts +2 -2
  86. package/out/zero-cache/src/services/analyze.d.ts.map +1 -1
  87. package/out/zero-cache/src/services/analyze.js +55 -42
  88. package/out/zero-cache/src/services/analyze.js.map +1 -1
  89. package/out/zero-cache/src/services/change-source/pg/change-source.d.ts.map +1 -1
  90. package/out/zero-cache/src/services/change-source/pg/change-source.js +62 -42
  91. package/out/zero-cache/src/services/change-source/pg/change-source.js.map +1 -1
  92. package/out/zero-cache/src/services/change-source/pg/schema/published.d.ts.map +1 -1
  93. package/out/zero-cache/src/services/change-source/pg/schema/published.js +3 -2
  94. package/out/zero-cache/src/services/change-source/pg/schema/published.js.map +1 -1
  95. package/out/zero-cache/src/services/change-source/protocol/current/control.d.ts +1 -0
  96. package/out/zero-cache/src/services/change-source/protocol/current/control.d.ts.map +1 -1
  97. package/out/zero-cache/src/services/change-source/protocol/current/control.js +5 -1
  98. package/out/zero-cache/src/services/change-source/protocol/current/control.js.map +1 -1
  99. package/out/zero-cache/src/services/change-source/protocol/current/downstream.d.ts +2 -0
  100. package/out/zero-cache/src/services/change-source/protocol/current/downstream.d.ts.map +1 -1
  101. package/out/zero-cache/src/services/change-source/protocol/current/json.d.ts +8 -0
  102. package/out/zero-cache/src/services/change-source/protocol/current/json.d.ts.map +1 -0
  103. package/out/zero-cache/src/services/change-source/protocol/current/json.js +19 -0
  104. package/out/zero-cache/src/services/change-source/protocol/current/json.js.map +1 -0
  105. package/out/zero-cache/src/services/change-source/protocol/current.d.ts +1 -0
  106. package/out/zero-cache/src/services/change-source/protocol/current.d.ts.map +1 -1
  107. package/out/zero-cache/src/services/change-source/protocol/current.js +3 -0
  108. package/out/zero-cache/src/services/change-source/protocol/current.js.map +1 -1
  109. package/out/zero-cache/src/services/change-streamer/change-streamer-http.d.ts +0 -2
  110. package/out/zero-cache/src/services/change-streamer/change-streamer-http.d.ts.map +1 -1
  111. package/out/zero-cache/src/services/change-streamer/change-streamer-http.js +0 -5
  112. package/out/zero-cache/src/services/change-streamer/change-streamer-http.js.map +1 -1
  113. package/out/zero-cache/src/services/change-streamer/change-streamer-service.d.ts.map +1 -1
  114. package/out/zero-cache/src/services/change-streamer/change-streamer-service.js +8 -1
  115. package/out/zero-cache/src/services/change-streamer/change-streamer-service.js.map +1 -1
  116. package/out/zero-cache/src/services/change-streamer/storer.d.ts.map +1 -1
  117. package/out/zero-cache/src/services/change-streamer/storer.js +2 -3
  118. package/out/zero-cache/src/services/change-streamer/storer.js.map +1 -1
  119. package/out/zero-cache/src/services/http-service.d.ts +0 -1
  120. package/out/zero-cache/src/services/http-service.d.ts.map +1 -1
  121. package/out/zero-cache/src/services/http-service.js +0 -4
  122. package/out/zero-cache/src/services/http-service.js.map +1 -1
  123. package/out/zero-cache/src/services/litestream/commands.js +3 -2
  124. package/out/zero-cache/src/services/litestream/commands.js.map +1 -1
  125. package/out/zero-cache/src/services/mutagen/pusher.d.ts +4 -4
  126. package/out/zero-cache/src/services/replicator/replication-status.d.ts +2 -0
  127. package/out/zero-cache/src/services/replicator/replication-status.d.ts.map +1 -1
  128. package/out/zero-cache/src/services/replicator/replication-status.js +14 -1
  129. package/out/zero-cache/src/services/replicator/replication-status.js.map +1 -1
  130. package/out/zero-cache/src/services/run-ast.d.ts +1 -1
  131. package/out/zero-cache/src/services/run-ast.d.ts.map +1 -1
  132. package/out/zero-cache/src/services/run-ast.js +5 -1
  133. package/out/zero-cache/src/services/run-ast.js.map +1 -1
  134. package/out/zero-cache/src/services/view-syncer/active-users-gauge.d.ts +2 -1
  135. package/out/zero-cache/src/services/view-syncer/active-users-gauge.d.ts.map +1 -1
  136. package/out/zero-cache/src/services/view-syncer/active-users-gauge.js +26 -13
  137. package/out/zero-cache/src/services/view-syncer/active-users-gauge.js.map +1 -1
  138. package/out/zero-cache/src/services/view-syncer/cvr-purger.d.ts +1 -1
  139. package/out/zero-cache/src/services/view-syncer/cvr-purger.d.ts.map +1 -1
  140. package/out/zero-cache/src/services/view-syncer/cvr-purger.js +39 -15
  141. package/out/zero-cache/src/services/view-syncer/cvr-purger.js.map +1 -1
  142. package/out/zero-cache/src/services/view-syncer/cvr-store.d.ts +4 -1
  143. package/out/zero-cache/src/services/view-syncer/cvr-store.d.ts.map +1 -1
  144. package/out/zero-cache/src/services/view-syncer/cvr-store.js +31 -9
  145. package/out/zero-cache/src/services/view-syncer/cvr-store.js.map +1 -1
  146. package/out/zero-cache/src/services/view-syncer/cvr.d.ts +3 -0
  147. package/out/zero-cache/src/services/view-syncer/cvr.d.ts.map +1 -1
  148. package/out/zero-cache/src/services/view-syncer/cvr.js +11 -0
  149. package/out/zero-cache/src/services/view-syncer/cvr.js.map +1 -1
  150. package/out/zero-cache/src/services/view-syncer/inspect-handler.js +1 -1
  151. package/out/zero-cache/src/services/view-syncer/inspect-handler.js.map +1 -1
  152. package/out/zero-cache/src/services/view-syncer/pipeline-driver.d.ts +11 -11
  153. package/out/zero-cache/src/services/view-syncer/pipeline-driver.d.ts.map +1 -1
  154. package/out/zero-cache/src/services/view-syncer/pipeline-driver.js +81 -27
  155. package/out/zero-cache/src/services/view-syncer/pipeline-driver.js.map +1 -1
  156. package/out/zero-cache/src/services/view-syncer/schema/cvr.d.ts +1 -0
  157. package/out/zero-cache/src/services/view-syncer/schema/cvr.d.ts.map +1 -1
  158. package/out/zero-cache/src/services/view-syncer/schema/cvr.js +23 -10
  159. package/out/zero-cache/src/services/view-syncer/schema/cvr.js.map +1 -1
  160. package/out/zero-cache/src/services/view-syncer/schema/init.d.ts.map +1 -1
  161. package/out/zero-cache/src/services/view-syncer/schema/init.js +31 -1
  162. package/out/zero-cache/src/services/view-syncer/schema/init.js.map +1 -1
  163. package/out/zero-cache/src/services/view-syncer/snapshotter.d.ts +2 -2
  164. package/out/zero-cache/src/services/view-syncer/snapshotter.d.ts.map +1 -1
  165. package/out/zero-cache/src/services/view-syncer/snapshotter.js +19 -4
  166. package/out/zero-cache/src/services/view-syncer/snapshotter.js.map +1 -1
  167. package/out/zero-cache/src/services/view-syncer/view-syncer.d.ts +2 -1
  168. package/out/zero-cache/src/services/view-syncer/view-syncer.d.ts.map +1 -1
  169. package/out/zero-cache/src/services/view-syncer/view-syncer.js +31 -29
  170. package/out/zero-cache/src/services/view-syncer/view-syncer.js.map +1 -1
  171. package/out/zero-cache/src/workers/connect-params.d.ts +1 -0
  172. package/out/zero-cache/src/workers/connect-params.d.ts.map +1 -1
  173. package/out/zero-cache/src/workers/connect-params.js +2 -0
  174. package/out/zero-cache/src/workers/connect-params.js.map +1 -1
  175. package/out/zero-cache/src/workers/syncer-ws-message-handler.d.ts.map +1 -1
  176. package/out/zero-cache/src/workers/syncer-ws-message-handler.js +2 -0
  177. package/out/zero-cache/src/workers/syncer-ws-message-handler.js.map +1 -1
  178. package/out/zero-client/src/client/bindings.d.ts +12 -42
  179. package/out/zero-client/src/client/bindings.d.ts.map +1 -1
  180. package/out/zero-client/src/client/connection-manager.d.ts +3 -3
  181. package/out/zero-client/src/client/connection-manager.d.ts.map +1 -1
  182. package/out/zero-client/src/client/connection-manager.js.map +1 -1
  183. package/out/zero-client/src/client/connection.d.ts.map +1 -1
  184. package/out/zero-client/src/client/connection.js +8 -1
  185. package/out/zero-client/src/client/connection.js.map +1 -1
  186. package/out/zero-client/src/client/crud-impl.d.ts +11 -0
  187. package/out/zero-client/src/client/crud-impl.d.ts.map +1 -0
  188. package/out/zero-client/src/client/crud-impl.js +102 -0
  189. package/out/zero-client/src/client/crud-impl.js.map +1 -0
  190. package/out/zero-client/src/client/crud.d.ts +10 -42
  191. package/out/zero-client/src/client/crud.d.ts.map +1 -1
  192. package/out/zero-client/src/client/crud.js +28 -110
  193. package/out/zero-client/src/client/crud.js.map +1 -1
  194. package/out/zero-client/src/client/custom.d.ts +11 -6
  195. package/out/zero-client/src/client/custom.d.ts.map +1 -1
  196. package/out/zero-client/src/client/custom.js +12 -53
  197. package/out/zero-client/src/client/custom.js.map +1 -1
  198. package/out/zero-client/src/client/delete-clients-manager.d.ts +1 -1
  199. package/out/zero-client/src/client/delete-clients-manager.d.ts.map +1 -1
  200. package/out/zero-client/src/client/delete-clients-manager.js +30 -3
  201. package/out/zero-client/src/client/delete-clients-manager.js.map +1 -1
  202. package/out/zero-client/src/client/error.d.ts +6 -1
  203. package/out/zero-client/src/client/error.d.ts.map +1 -1
  204. package/out/zero-client/src/client/error.js +2 -2
  205. package/out/zero-client/src/client/error.js.map +1 -1
  206. package/out/zero-client/src/client/ivm-branch.d.ts.map +1 -1
  207. package/out/zero-client/src/client/ivm-branch.js +20 -13
  208. package/out/zero-client/src/client/ivm-branch.js.map +1 -1
  209. package/out/zero-client/src/client/make-mutate-property.d.ts +6 -9
  210. package/out/zero-client/src/client/make-mutate-property.d.ts.map +1 -1
  211. package/out/zero-client/src/client/make-mutate-property.js +5 -10
  212. package/out/zero-client/src/client/make-mutate-property.js.map +1 -1
  213. package/out/zero-client/src/client/make-replicache-mutators.d.ts +2 -2
  214. package/out/zero-client/src/client/make-replicache-mutators.d.ts.map +1 -1
  215. package/out/zero-client/src/client/make-replicache-mutators.js +16 -11
  216. package/out/zero-client/src/client/make-replicache-mutators.js.map +1 -1
  217. package/out/zero-client/src/client/mutator-proxy.d.ts +3 -2
  218. package/out/zero-client/src/client/mutator-proxy.d.ts.map +1 -1
  219. package/out/zero-client/src/client/mutator-proxy.js +16 -5
  220. package/out/zero-client/src/client/mutator-proxy.js.map +1 -1
  221. package/out/zero-client/src/client/options.d.ts +5 -4
  222. package/out/zero-client/src/client/options.d.ts.map +1 -1
  223. package/out/zero-client/src/client/options.js.map +1 -1
  224. package/out/zero-client/src/client/version.js +1 -1
  225. package/out/zero-client/src/client/zero.d.ts +27 -13
  226. package/out/zero-client/src/client/zero.d.ts.map +1 -1
  227. package/out/zero-client/src/client/zero.js +81 -40
  228. package/out/zero-client/src/client/zero.js.map +1 -1
  229. package/out/zero-client/src/mod.d.ts +17 -16
  230. package/out/zero-client/src/mod.d.ts.map +1 -1
  231. package/out/zero-events/src/status.d.ts +1 -1
  232. package/out/zero-events/src/status.d.ts.map +1 -1
  233. package/out/zero-protocol/src/analyze-query-result.d.ts +2 -2
  234. package/out/zero-protocol/src/analyze-query-result.js +2 -2
  235. package/out/zero-protocol/src/analyze-query-result.js.map +1 -1
  236. package/out/zero-protocol/src/down.d.ts +2 -2
  237. package/out/zero-protocol/src/inspect-down.d.ts +6 -6
  238. package/out/zero-protocol/src/inspect-up.d.ts +4 -4
  239. package/out/zero-protocol/src/inspect-up.js +1 -1
  240. package/out/zero-protocol/src/inspect-up.js.map +1 -1
  241. package/out/zero-protocol/src/protocol-version.d.ts +1 -1
  242. package/out/zero-protocol/src/protocol-version.d.ts.map +1 -1
  243. package/out/zero-protocol/src/protocol-version.js +1 -1
  244. package/out/zero-protocol/src/protocol-version.js.map +1 -1
  245. package/out/zero-protocol/src/up.d.ts +1 -1
  246. package/out/zero-react/src/bindings.d.ts +2 -0
  247. package/out/zero-react/src/bindings.d.ts.map +1 -0
  248. package/out/zero-react/src/mod.d.ts +1 -10
  249. package/out/zero-react/src/mod.d.ts.map +1 -1
  250. package/out/zero-react/src/{use-zero-connection-state.d.ts → use-connection-state.d.ts} +3 -3
  251. package/out/zero-react/src/use-connection-state.d.ts.map +1 -0
  252. package/out/zero-react/src/{use-zero-connection-state.js → use-connection-state.js} +3 -3
  253. package/out/zero-react/src/use-connection-state.js.map +1 -0
  254. package/out/zero-react/src/use-query.d.ts +4 -10
  255. package/out/zero-react/src/use-query.d.ts.map +1 -1
  256. package/out/zero-react/src/use-query.js +26 -21
  257. package/out/zero-react/src/use-query.js.map +1 -1
  258. package/out/zero-react/src/use-zero-online.d.ts +1 -1
  259. package/out/zero-react/src/use-zero-online.js.map +1 -1
  260. package/out/zero-react/src/zero-provider.d.ts +17 -10
  261. package/out/zero-react/src/zero-provider.d.ts.map +1 -1
  262. package/out/zero-react/src/zero-provider.js +19 -1
  263. package/out/zero-react/src/zero-provider.js.map +1 -1
  264. package/out/zero-react/src/zero.d.ts +2 -0
  265. package/out/zero-react/src/zero.d.ts.map +1 -0
  266. package/out/zero-schema/src/compiled-permissions.d.ts +22 -2
  267. package/out/zero-schema/src/compiled-permissions.d.ts.map +1 -1
  268. package/out/zero-schema/src/compiled-permissions.js +7 -6
  269. package/out/zero-schema/src/compiled-permissions.js.map +1 -1
  270. package/out/zero-schema/src/permissions.d.ts +11 -8
  271. package/out/zero-schema/src/permissions.d.ts.map +1 -1
  272. package/out/zero-schema/src/permissions.js +2 -8
  273. package/out/zero-schema/src/permissions.js.map +1 -1
  274. package/out/zero-schema/src/schema-config.d.ts +0 -5
  275. package/out/zero-schema/src/schema-config.d.ts.map +1 -1
  276. package/out/zero-schema/src/schema-config.js +1 -1
  277. package/out/zero-schema/src/schema-config.js.map +1 -1
  278. package/out/zero-server/src/custom.d.ts +41 -14
  279. package/out/zero-server/src/custom.d.ts.map +1 -1
  280. package/out/zero-server/src/custom.js +129 -37
  281. package/out/zero-server/src/custom.js.map +1 -1
  282. package/out/zero-server/src/mod.d.ts +1 -1
  283. package/out/zero-server/src/mod.d.ts.map +1 -1
  284. package/out/zero-server/src/process-mutations.d.ts +10 -6
  285. package/out/zero-server/src/process-mutations.d.ts.map +1 -1
  286. package/out/zero-server/src/process-mutations.js +9 -18
  287. package/out/zero-server/src/process-mutations.js.map +1 -1
  288. package/out/zero-server/src/push-processor.d.ts.map +1 -1
  289. package/out/zero-server/src/push-processor.js +10 -8
  290. package/out/zero-server/src/push-processor.js.map +1 -1
  291. package/out/zero-server/src/queries/process-queries.d.ts +14 -2
  292. package/out/zero-server/src/queries/process-queries.d.ts.map +1 -1
  293. package/out/zero-server/src/queries/process-queries.js +18 -15
  294. package/out/zero-server/src/queries/process-queries.js.map +1 -1
  295. package/out/zero-server/src/zql-database.d.ts +6 -6
  296. package/out/zero-server/src/zql-database.d.ts.map +1 -1
  297. package/out/zero-server/src/zql-database.js +5 -17
  298. package/out/zero-server/src/zql-database.js.map +1 -1
  299. package/out/zero-solid/src/bindings.d.ts +2 -0
  300. package/out/zero-solid/src/bindings.d.ts.map +1 -0
  301. package/out/zero-solid/src/mod.d.ts +1 -8
  302. package/out/zero-solid/src/mod.d.ts.map +1 -1
  303. package/out/zero-solid/src/solid-view.d.ts +3 -5
  304. package/out/zero-solid/src/solid-view.d.ts.map +1 -1
  305. package/out/zero-solid/src/solid-view.js +9 -6
  306. package/out/zero-solid/src/solid-view.js.map +1 -1
  307. package/out/zero-solid/src/{use-zero-connection-state.d.ts → use-connection-state.d.ts} +3 -3
  308. package/out/zero-solid/src/use-connection-state.d.ts.map +1 -0
  309. package/out/zero-solid/src/{use-zero-connection-state.js → use-connection-state.js} +3 -3
  310. package/out/zero-solid/src/use-connection-state.js.map +1 -0
  311. package/out/zero-solid/src/use-query.d.ts +3 -6
  312. package/out/zero-solid/src/use-query.d.ts.map +1 -1
  313. package/out/zero-solid/src/use-query.js +44 -11
  314. package/out/zero-solid/src/use-query.js.map +1 -1
  315. package/out/zero-solid/src/use-zero-online.d.ts +1 -1
  316. package/out/zero-solid/src/use-zero-online.js.map +1 -1
  317. package/out/zero-solid/src/use-zero.d.ts +19 -9
  318. package/out/zero-solid/src/use-zero.d.ts.map +1 -1
  319. package/out/zero-solid/src/use-zero.js +17 -1
  320. package/out/zero-solid/src/use-zero.js.map +1 -1
  321. package/out/zero-solid/src/zero.d.ts +2 -0
  322. package/out/zero-solid/src/zero.d.ts.map +1 -0
  323. package/out/zero-types/src/default-types.d.ts +38 -0
  324. package/out/zero-types/src/default-types.d.ts.map +1 -0
  325. package/out/zero-types/src/schema.d.ts +4 -4
  326. package/out/zql/src/builder/builder.d.ts.map +1 -1
  327. package/out/zql/src/builder/builder.js +1 -13
  328. package/out/zql/src/builder/builder.js.map +1 -1
  329. package/out/zql/src/error.js +1 -10
  330. package/out/zql/src/error.js.map +1 -1
  331. package/out/zql/src/ivm/array-view.d.ts +2 -2
  332. package/out/zql/src/ivm/array-view.d.ts.map +1 -1
  333. package/out/zql/src/ivm/array-view.js +4 -1
  334. package/out/zql/src/ivm/array-view.js.map +1 -1
  335. package/out/zql/src/ivm/data.d.ts +7 -2
  336. package/out/zql/src/ivm/data.d.ts.map +1 -1
  337. package/out/zql/src/ivm/data.js +0 -8
  338. package/out/zql/src/ivm/data.js.map +1 -1
  339. package/out/zql/src/ivm/exists.d.ts +6 -4
  340. package/out/zql/src/ivm/exists.d.ts.map +1 -1
  341. package/out/zql/src/ivm/exists.js +60 -91
  342. package/out/zql/src/ivm/exists.js.map +1 -1
  343. package/out/zql/src/ivm/fan-in.d.ts +5 -3
  344. package/out/zql/src/ivm/fan-in.d.ts.map +1 -1
  345. package/out/zql/src/ivm/fan-in.js +12 -5
  346. package/out/zql/src/ivm/fan-in.js.map +1 -1
  347. package/out/zql/src/ivm/fan-out.d.ts +4 -2
  348. package/out/zql/src/ivm/fan-out.d.ts.map +1 -1
  349. package/out/zql/src/ivm/fan-out.js +16 -6
  350. package/out/zql/src/ivm/fan-out.js.map +1 -1
  351. package/out/zql/src/ivm/filter-operators.d.ts +13 -11
  352. package/out/zql/src/ivm/filter-operators.d.ts.map +1 -1
  353. package/out/zql/src/ivm/filter-operators.js +27 -24
  354. package/out/zql/src/ivm/filter-operators.js.map +1 -1
  355. package/out/zql/src/ivm/filter-push.d.ts +2 -1
  356. package/out/zql/src/ivm/filter-push.d.ts.map +1 -1
  357. package/out/zql/src/ivm/filter-push.js +5 -5
  358. package/out/zql/src/ivm/filter-push.js.map +1 -1
  359. package/out/zql/src/ivm/filter.d.ts +4 -2
  360. package/out/zql/src/ivm/filter.d.ts.map +1 -1
  361. package/out/zql/src/ivm/filter.js +10 -4
  362. package/out/zql/src/ivm/filter.js.map +1 -1
  363. package/out/zql/src/ivm/flipped-join.d.ts +1 -2
  364. package/out/zql/src/ivm/flipped-join.d.ts.map +1 -1
  365. package/out/zql/src/ivm/flipped-join.js +133 -103
  366. package/out/zql/src/ivm/flipped-join.js.map +1 -1
  367. package/out/zql/src/ivm/join-utils.d.ts +9 -2
  368. package/out/zql/src/ivm/join-utils.d.ts.map +1 -1
  369. package/out/zql/src/ivm/join-utils.js +20 -0
  370. package/out/zql/src/ivm/join-utils.js.map +1 -1
  371. package/out/zql/src/ivm/join.d.ts +3 -16
  372. package/out/zql/src/ivm/join.d.ts.map +1 -1
  373. package/out/zql/src/ivm/join.js +62 -128
  374. package/out/zql/src/ivm/join.js.map +1 -1
  375. package/out/zql/src/ivm/maybe-split-and-push-edit-change.d.ts +1 -1
  376. package/out/zql/src/ivm/maybe-split-and-push-edit-change.d.ts.map +1 -1
  377. package/out/zql/src/ivm/maybe-split-and-push-edit-change.js +4 -4
  378. package/out/zql/src/ivm/maybe-split-and-push-edit-change.js.map +1 -1
  379. package/out/zql/src/ivm/memory-source.d.ts +7 -6
  380. package/out/zql/src/ivm/memory-source.d.ts.map +1 -1
  381. package/out/zql/src/ivm/memory-source.js +39 -28
  382. package/out/zql/src/ivm/memory-source.js.map +1 -1
  383. package/out/zql/src/ivm/operator.d.ts +15 -12
  384. package/out/zql/src/ivm/operator.d.ts.map +1 -1
  385. package/out/zql/src/ivm/operator.js +8 -0
  386. package/out/zql/src/ivm/operator.js.map +1 -1
  387. package/out/zql/src/ivm/push-accumulated.d.ts +2 -2
  388. package/out/zql/src/ivm/push-accumulated.d.ts.map +1 -1
  389. package/out/zql/src/ivm/push-accumulated.js +8 -8
  390. package/out/zql/src/ivm/push-accumulated.js.map +1 -1
  391. package/out/zql/src/ivm/skip.d.ts +2 -3
  392. package/out/zql/src/ivm/skip.d.ts.map +1 -1
  393. package/out/zql/src/ivm/skip.js +14 -11
  394. package/out/zql/src/ivm/skip.js.map +1 -1
  395. package/out/zql/src/ivm/source.d.ts +15 -7
  396. package/out/zql/src/ivm/source.d.ts.map +1 -1
  397. package/out/zql/src/ivm/stream.d.ts +2 -0
  398. package/out/zql/src/ivm/stream.d.ts.map +1 -1
  399. package/out/zql/src/ivm/stream.js +5 -14
  400. package/out/zql/src/ivm/stream.js.map +1 -1
  401. package/out/zql/src/ivm/take.d.ts +2 -3
  402. package/out/zql/src/ivm/take.d.ts.map +1 -1
  403. package/out/zql/src/ivm/take.js +168 -140
  404. package/out/zql/src/ivm/take.js.map +1 -1
  405. package/out/zql/src/ivm/union-fan-in.d.ts +4 -4
  406. package/out/zql/src/ivm/union-fan-in.d.ts.map +1 -1
  407. package/out/zql/src/ivm/union-fan-in.js +74 -15
  408. package/out/zql/src/ivm/union-fan-in.js.map +1 -1
  409. package/out/zql/src/ivm/union-fan-out.d.ts +2 -3
  410. package/out/zql/src/ivm/union-fan-out.d.ts.map +1 -1
  411. package/out/zql/src/ivm/union-fan-out.js +3 -6
  412. package/out/zql/src/ivm/union-fan-out.js.map +1 -1
  413. package/out/zql/src/ivm/view-apply-change.d.ts.map +1 -1
  414. package/out/zql/src/ivm/view-apply-change.js +4 -4
  415. package/out/zql/src/ivm/view-apply-change.js.map +1 -1
  416. package/out/zql/src/ivm/view.d.ts +2 -2
  417. package/out/zql/src/ivm/view.d.ts.map +1 -1
  418. package/out/zql/src/mutate/crud.d.ts +116 -0
  419. package/out/zql/src/mutate/crud.d.ts.map +1 -0
  420. package/out/zql/src/mutate/crud.js +41 -0
  421. package/out/zql/src/mutate/crud.js.map +1 -0
  422. package/out/zql/src/mutate/custom.d.ts +24 -62
  423. package/out/zql/src/mutate/custom.d.ts.map +1 -1
  424. package/out/zql/src/mutate/custom.js +1 -5
  425. package/out/zql/src/mutate/custom.js.map +1 -1
  426. package/out/zql/src/mutate/mutator-registry.d.ts +43 -73
  427. package/out/zql/src/mutate/mutator-registry.d.ts.map +1 -1
  428. package/out/zql/src/mutate/mutator-registry.js +25 -34
  429. package/out/zql/src/mutate/mutator-registry.js.map +1 -1
  430. package/out/zql/src/mutate/mutator.d.ts +60 -64
  431. package/out/zql/src/mutate/mutator.d.ts.map +1 -1
  432. package/out/zql/src/mutate/mutator.js +8 -9
  433. package/out/zql/src/mutate/mutator.js.map +1 -1
  434. package/out/zql/src/planner/planner-builder.d.ts +2 -1
  435. package/out/zql/src/planner/planner-builder.d.ts.map +1 -1
  436. package/out/zql/src/planner/planner-builder.js +5 -5
  437. package/out/zql/src/planner/planner-builder.js.map +1 -1
  438. package/out/zql/src/planner/planner-debug.d.ts +3 -3
  439. package/out/zql/src/planner/planner-debug.js.map +1 -1
  440. package/out/zql/src/planner/planner-graph.d.ts +3 -1
  441. package/out/zql/src/planner/planner-graph.d.ts.map +1 -1
  442. package/out/zql/src/planner/planner-graph.js +5 -5
  443. package/out/zql/src/planner/planner-graph.js.map +1 -1
  444. package/out/zql/src/planner/planner-join.d.ts.map +1 -1
  445. package/out/zql/src/planner/planner-join.js +3 -1
  446. package/out/zql/src/planner/planner-join.js.map +1 -1
  447. package/out/zql/src/query/create-builder.d.ts +4 -1
  448. package/out/zql/src/query/create-builder.d.ts.map +1 -1
  449. package/out/zql/src/query/create-builder.js +24 -36
  450. package/out/zql/src/query/create-builder.js.map +1 -1
  451. package/out/zql/src/query/expression.d.ts +5 -5
  452. package/out/zql/src/query/expression.d.ts.map +1 -1
  453. package/out/zql/src/query/expression.js.map +1 -1
  454. package/out/zql/src/query/measure-push-operator.d.ts +2 -3
  455. package/out/zql/src/query/measure-push-operator.d.ts.map +1 -1
  456. package/out/zql/src/query/measure-push-operator.js +2 -5
  457. package/out/zql/src/query/measure-push-operator.js.map +1 -1
  458. package/out/zql/src/query/query-delegate-base.d.ts +12 -6
  459. package/out/zql/src/query/query-delegate-base.d.ts.map +1 -1
  460. package/out/zql/src/query/query-delegate-base.js +132 -2
  461. package/out/zql/src/query/query-delegate-base.js.map +1 -1
  462. package/out/zql/src/query/query-delegate.d.ts +6 -6
  463. package/out/zql/src/query/query-delegate.d.ts.map +1 -1
  464. package/out/zql/src/query/query-impl.d.ts +27 -28
  465. package/out/zql/src/query/query-impl.d.ts.map +1 -1
  466. package/out/zql/src/query/query-impl.js +41 -168
  467. package/out/zql/src/query/query-impl.js.map +1 -1
  468. package/out/zql/src/query/query-internals.d.ts +6 -6
  469. package/out/zql/src/query/query-internals.d.ts.map +1 -1
  470. package/out/zql/src/query/query-internals.js +2 -2
  471. package/out/zql/src/query/query-internals.js.map +1 -1
  472. package/out/zql/src/query/query-registry.d.ts +108 -122
  473. package/out/zql/src/query/query-registry.d.ts.map +1 -1
  474. package/out/zql/src/query/query-registry.js +43 -53
  475. package/out/zql/src/query/query-registry.js.map +1 -1
  476. package/out/zql/src/query/query.d.ts +63 -37
  477. package/out/zql/src/query/query.d.ts.map +1 -1
  478. package/out/zql/src/query/runnable-query-impl.d.ts +22 -0
  479. package/out/zql/src/query/runnable-query-impl.d.ts.map +1 -0
  480. package/out/zql/src/query/runnable-query-impl.js +60 -0
  481. package/out/zql/src/query/runnable-query-impl.js.map +1 -0
  482. package/out/zql/src/query/schema-query.d.ts +2 -1
  483. package/out/zql/src/query/schema-query.d.ts.map +1 -1
  484. package/out/zql/src/query/static-query.d.ts +2 -15
  485. package/out/zql/src/query/static-query.d.ts.map +1 -1
  486. package/out/zql/src/query/static-query.js +10 -37
  487. package/out/zql/src/query/static-query.js.map +1 -1
  488. package/out/zqlite/src/internal/sql-inline.d.ts +13 -0
  489. package/out/zqlite/src/internal/sql-inline.d.ts.map +1 -0
  490. package/out/zqlite/src/internal/sql-inline.js +45 -0
  491. package/out/zqlite/src/internal/sql-inline.js.map +1 -0
  492. package/out/zqlite/src/sqlite-cost-model.d.ts.map +1 -1
  493. package/out/zqlite/src/sqlite-cost-model.js +2 -2
  494. package/out/zqlite/src/sqlite-cost-model.js.map +1 -1
  495. package/out/zqlite/src/table-source.d.ts +10 -3
  496. package/out/zqlite/src/table-source.d.ts.map +1 -1
  497. package/out/zqlite/src/table-source.js +42 -23
  498. package/out/zqlite/src/table-source.js.map +1 -1
  499. package/package.json +9 -5
  500. package/out/zero-client/src/client/bindings.js +0 -33
  501. package/out/zero-client/src/client/bindings.js.map +0 -1
  502. package/out/zero-react/src/components/inspector.d.ts +0 -9
  503. package/out/zero-react/src/components/inspector.d.ts.map +0 -1
  504. package/out/zero-react/src/components/inspector.js +0 -38
  505. package/out/zero-react/src/components/inspector.js.map +0 -1
  506. package/out/zero-react/src/components/mark-icon.d.ts +0 -3
  507. package/out/zero-react/src/components/mark-icon.d.ts.map +0 -1
  508. package/out/zero-react/src/components/mark-icon.js +0 -28
  509. package/out/zero-react/src/components/mark-icon.js.map +0 -1
  510. package/out/zero-react/src/components/zero-inspector.d.ts +0 -8
  511. package/out/zero-react/src/components/zero-inspector.d.ts.map +0 -1
  512. package/out/zero-react/src/components/zero-inspector.js +0 -44
  513. package/out/zero-react/src/components/zero-inspector.js.map +0 -1
  514. package/out/zero-react/src/use-zero-connection-state.d.ts.map +0 -1
  515. package/out/zero-react/src/use-zero-connection-state.js.map +0 -1
  516. package/out/zero-solid/src/use-zero-connection-state.d.ts.map +0 -1
  517. package/out/zero-solid/src/use-zero-connection-state.js.map +0 -1
@@ -1,13 +1,14 @@
1
1
  import { ApplicationError, isApplicationError, wrapWithApplicationError } from "../../zero-protocol/src/application-error.js";
2
- import { customMutatorKey, splitMutatorKey } from "../../zql/src/mutate/custom.js";
3
- import { TransactionImpl, makeSchemaCRUD, makeServerTransaction } from "../../zero-server/src/custom.js";
4
- import { OutOfOrderMutation, getMutation, handleMutationRequest } from "../../zero-server/src/process-mutations.js";
2
+ import { customMutatorKey } from "../../zql/src/mutate/custom.js";
3
+ import { CRUDMutatorFactory, TransactionImpl, makeSchemaCRUD, makeServerTransaction } from "../../zero-server/src/custom.js";
4
+ import { OutOfOrderMutation, getMutation, handleMutateRequest, handleMutationRequest } from "../../zero-server/src/process-mutations.js";
5
5
  import { PushProcessor } from "../../zero-server/src/push-processor.js";
6
- import { handleGetQueriesRequest, handleTransformRequest } from "../../zero-server/src/queries/process-queries.js";
6
+ import { handleGetQueriesRequest, handleQueryRequest, handleTransformRequest } from "../../zero-server/src/queries/process-queries.js";
7
7
  import { ZQLDatabase } from "../../zero-server/src/zql-database.js";
8
8
  import { PostgresJSConnection, PostgresJsTransactionInternal, zeroPostgresJS } from "../../zero-server/src/adapters/postgresjs.js";
9
9
  export {
10
10
  ApplicationError,
11
+ CRUDMutatorFactory,
11
12
  OutOfOrderMutation,
12
13
  PostgresJSConnection,
13
14
  PostgresJsTransactionInternal,
@@ -17,12 +18,13 @@ export {
17
18
  customMutatorKey,
18
19
  getMutation,
19
20
  handleGetQueriesRequest,
21
+ handleMutateRequest,
20
22
  handleMutationRequest,
23
+ handleQueryRequest,
21
24
  handleTransformRequest,
22
25
  isApplicationError,
23
26
  makeSchemaCRUD,
24
27
  makeServerTransaction,
25
- splitMutatorKey,
26
28
  wrapWithApplicationError,
27
29
  zeroPostgresJS
28
30
  };
@@ -1,17 +1,15 @@
1
- import { ZeroInspector } from "../../zero-react/src/components/zero-inspector.js";
1
+ import { useConnectionState } from "../../zero-react/src/use-connection-state.js";
2
2
  import { useQuery, useSuspenseQuery } from "../../zero-react/src/use-query.js";
3
- import { useZeroConnectionState } from "../../zero-react/src/use-zero-connection-state.js";
4
3
  import { useZeroOnline } from "../../zero-react/src/use-zero-online.js";
5
4
  import { ZeroContext, ZeroProvider, createUseZero, useZero } from "../../zero-react/src/zero-provider.js";
6
5
  export {
7
6
  ZeroContext,
8
- ZeroInspector,
9
7
  ZeroProvider,
10
8
  createUseZero,
9
+ useConnectionState,
11
10
  useQuery,
12
11
  useSuspenseQuery,
13
12
  useZero,
14
- useZeroConnectionState,
15
13
  useZeroOnline
16
14
  };
17
15
  //# sourceMappingURL=react.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"react.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;"}
1
+ {"version":3,"file":"react.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;"}
@@ -1,12 +1,13 @@
1
1
  import { ApplicationError, isApplicationError, wrapWithApplicationError } from "../../zero-protocol/src/application-error.js";
2
- import { customMutatorKey, splitMutatorKey } from "../../zql/src/mutate/custom.js";
3
- import { TransactionImpl, makeSchemaCRUD, makeServerTransaction } from "../../zero-server/src/custom.js";
4
- import { OutOfOrderMutation, getMutation, handleMutationRequest } from "../../zero-server/src/process-mutations.js";
2
+ import { customMutatorKey } from "../../zql/src/mutate/custom.js";
3
+ import { CRUDMutatorFactory, TransactionImpl, makeSchemaCRUD, makeServerTransaction } from "../../zero-server/src/custom.js";
4
+ import { OutOfOrderMutation, getMutation, handleMutateRequest, handleMutationRequest } from "../../zero-server/src/process-mutations.js";
5
5
  import { PushProcessor } from "../../zero-server/src/push-processor.js";
6
- import { handleGetQueriesRequest, handleTransformRequest } from "../../zero-server/src/queries/process-queries.js";
6
+ import { handleGetQueriesRequest, handleQueryRequest, handleTransformRequest } from "../../zero-server/src/queries/process-queries.js";
7
7
  import { ZQLDatabase } from "../../zero-server/src/zql-database.js";
8
8
  export {
9
9
  ApplicationError,
10
+ CRUDMutatorFactory,
10
11
  OutOfOrderMutation,
11
12
  PushProcessor,
12
13
  TransactionImpl,
@@ -14,12 +15,13 @@ export {
14
15
  customMutatorKey,
15
16
  getMutation,
16
17
  handleGetQueriesRequest,
18
+ handleMutateRequest,
17
19
  handleMutationRequest,
20
+ handleQueryRequest,
18
21
  handleTransformRequest,
19
22
  isApplicationError,
20
23
  makeSchemaCRUD,
21
24
  makeServerTransaction,
22
- splitMutatorKey,
23
25
  wrapWithApplicationError
24
26
  };
25
27
  //# sourceMappingURL=server.js.map
@@ -1,5 +1,5 @@
1
+ import { useConnectionState } from "../../zero-solid/src/use-connection-state.js";
1
2
  import { createQuery, useQuery } from "../../zero-solid/src/use-query.js";
2
- import { useZeroConnectionState } from "../../zero-solid/src/use-zero-connection-state.js";
3
3
  import { useZeroOnline } from "../../zero-solid/src/use-zero-online.js";
4
4
  import { ZeroProvider, createUseZero, createZero, useZero } from "../../zero-solid/src/use-zero.js";
5
5
  export {
@@ -7,9 +7,9 @@ export {
7
7
  createQuery,
8
8
  createUseZero,
9
9
  createZero,
10
+ useConnectionState,
10
11
  useQuery,
11
12
  useZero,
12
- useZeroConnectionState,
13
13
  useZeroOnline
14
14
  };
15
15
  //# sourceMappingURL=solid.js.map
@@ -26,11 +26,11 @@ async function main() {
26
26
  schema: {
27
27
  path: {
28
28
  type: string().optional(),
29
- desc: [
30
- "Relative path to the file containing the schema definition.",
31
- "The file must have a default export of type SchemaConfig."
32
- ],
33
- alias: "p"
29
+ desc: ["Relative path to the file containing permissions."],
30
+ alias: "p",
31
+ deprecated: [
32
+ "Permissions are deprecated and will be removed in an upcoming release. See: https://zero.rocicorp.dev/docs/auth."
33
+ ]
34
34
  }
35
35
  },
36
36
  ...zeroOptions
@@ -131,6 +131,12 @@ async function main() {
131
131
  }
132
132
  }
133
133
  if (config.schema.path) {
134
+ if (config.query.url && config.mutate.url) {
135
+ lc.error?.(
136
+ "Cannot use -p/--path/ZERO_SCHEMA_PATH flag when using ZERO_MUTATE_URL and ZERO_QUERY_URL."
137
+ );
138
+ process.exit(-1);
139
+ }
134
140
  await deployPermissionsAndStartZeroCache();
135
141
  const watcher = watch(config.schema.path, {
136
142
  ignoreInitial: true,
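Review bot: The error string in the new guard names the flag as `-p/--path`, but the first hunk of this file declares the option as `schema.path` with alias `p`, and the same message gives the env var as ZERO_SCHEMA_PATH, so the long flag is presumably `--schema-path`. That is worth confirming against the option parser and correcting, so that the message points operators at the setting they actually have to unset. The guard also fires only when both `config.query.url` and `config.mutate.url` are set, so a setup with just one of them still deploys the deprecated permissions file. If that is intended, a short comment above the `if` saying why only the combination is rejected would record the decision. main() begins and ends outside both hunks.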
@@ -1 +1 @@
1
- {"version":3,"file":"zero-cache-dev.js","sources":["../../../src/zero-cache-dev.ts"],"sourcesContent":["#!/usr/bin/env node\n\nimport '../../shared/src/dotenv.ts';\n\nimport {resolver} from '@rocicorp/resolver';\nimport {watch} from 'chokidar';\nimport {spawn, type ChildProcess} from 'node:child_process';\nimport {createLogContext} from '../../shared/src/logging.ts';\nimport {parseOptionsAdvanced} from '../../shared/src/options.ts';\nimport * as v from '../../shared/src/valita.ts';\nimport {\n ZERO_ENV_VAR_PREFIX,\n zeroOptions,\n} from '../../zero-cache/src/config/zero-config.ts';\nimport {deployPermissionsOptions} from '../../zero-cache/src/scripts/permissions.ts';\n\nconst deployPermissionsScript = 'zero-deploy-permissions';\nconst zeroCacheScript = 'zero-cache';\n\nfunction killProcess(childProcess: ChildProcess | undefined) {\n if (!childProcess || childProcess.exitCode !== null) {\n return Promise.resolve();\n }\n const {resolve, promise} = resolver();\n childProcess.on('exit', resolve);\n // Use SIGQUIT in particular since this will cause\n // a fast zero-cache shutdown instead of a graceful drain.\n childProcess.kill('SIGQUIT');\n return promise;\n}\n\nasync function main() {\n const {config} = parseOptionsAdvanced(\n {\n schema: {\n path: {\n type: v.string().optional(),\n desc: [\n 'Relative path to the file containing the schema definition.',\n 'The file must have a default export of type SchemaConfig.',\n ],\n alias: 'p',\n },\n },\n ...zeroOptions,\n },\n {\n envNamePrefix: ZERO_ENV_VAR_PREFIX,\n // TODO: This may no longer be necessary since multi-tenant was removed.\n allowPartial: true, // required by server/runner/config.ts\n },\n );\n\n const lc = createLogContext(config);\n\n process.on('unhandledRejection', reason => {\n lc.error?.('Unexpected unhandled rejection.', reason);\n lc.error?.('Exiting');\n process.exit(-1);\n });\n\n // Parse options for each subprocess to get environment variables\n const {env: deployPermissionsEnv} = 
parseOptionsAdvanced(\n deployPermissionsOptions,\n {\n envNamePrefix: ZERO_ENV_VAR_PREFIX,\n allowUnknown: true,\n includeDefaults: false,\n },\n );\n const {env: zeroCacheEnv} = parseOptionsAdvanced(zeroOptions, {\n envNamePrefix: ZERO_ENV_VAR_PREFIX,\n allowUnknown: true,\n includeDefaults: false,\n });\n\n let permissionsProcess: ChildProcess | undefined;\n let zeroCacheProcess: ChildProcess | undefined;\n\n // Ensure child processes are killed when the main process exits\n process.on('exit', () => {\n permissionsProcess?.kill('SIGQUIT');\n zeroCacheProcess?.kill('SIGQUIT');\n });\n\n async function deployPermissions(): Promise<boolean> {\n if (config.upstream.type !== 'pg') {\n lc.warn?.(\n `Skipping permissions deployment for ${config.upstream.type} upstream`,\n );\n return true;\n }\n permissionsProcess?.removeAllListeners('exit');\n await killProcess(permissionsProcess);\n permissionsProcess = undefined;\n\n lc.info?.(`Running ${deployPermissionsScript}.`);\n permissionsProcess = spawn(deployPermissionsScript, [], {\n env: {...process.env, ...deployPermissionsEnv},\n stdio: 'inherit',\n shell: true,\n });\n\n const {promise: code, resolve} = resolver<number>();\n permissionsProcess.on('exit', resolve);\n if ((await code) === 0) {\n lc.info?.(`${deployPermissionsScript} completed successfully.`);\n return true;\n }\n lc.error?.(`Failed to deploy permissions from ${config.schema.path}.`);\n return false;\n }\n\n async function startZeroCache() {\n zeroCacheProcess?.removeAllListeners('exit');\n await killProcess(zeroCacheProcess);\n zeroCacheProcess = undefined;\n\n lc.info?.(\n `Running ${zeroCacheScript} at\\n\\n\\thttp://localhost:${config.port}\\n`,\n );\n const env: NodeJS.ProcessEnv = {\n // Set some low defaults so as to use fewer resources and not trip up,\n // e.g. 
developers sharing a database.\n ['ZERO_NUM_SYNC_WORKERS']: '3',\n ['ZERO_CVR_MAX_CONNS']: '6',\n ['ZERO_UPSTREAM_MAX_CONNS']: '6',\n\n // Default NODE_ENV to development mode.\n // @ts-ignore NODE_ENV is not always set. Please ignore error.\n ['NODE_ENV']: 'development',\n\n // But let the developer override any of these dev defaults.\n ...process.env,\n ...zeroCacheEnv,\n };\n zeroCacheProcess = spawn(zeroCacheScript, [], {\n env,\n stdio: 'inherit',\n shell: true,\n });\n zeroCacheProcess.on('exit', () => {\n lc.error?.(`${zeroCacheScript} exited. Exiting.`);\n process.exit(-1);\n });\n }\n\n async function deployPermissionsAndStartZeroCache() {\n if (await deployPermissions()) {\n await startZeroCache();\n }\n }\n\n if (config.schema.path) {\n await deployPermissionsAndStartZeroCache();\n\n // Watch for file changes\n const watcher = watch(config.schema.path, {\n ignoreInitial: true,\n awaitWriteFinish: {stabilityThreshold: 500, pollInterval: 100},\n });\n const onFileChange = async () => {\n lc.info?.(`Detected ${config.schema.path} change.`);\n await deployPermissions();\n };\n watcher.on('add', onFileChange);\n watcher.on('change', onFileChange);\n watcher.on('unlink', onFileChange);\n } else {\n await startZeroCache();\n }\n}\n\nvoid 
main();\n"],"names":["v.string"],"mappings":";;;;;;;;;;;AAgBA,MAAM,0BAA0B;AAChC,MAAM,kBAAkB;AAExB,SAAS,YAAY,cAAwC;AAC3D,MAAI,CAAC,gBAAgB,aAAa,aAAa,MAAM;AACnD,WAAO,QAAQ,QAAA;AAAA,EACjB;AACA,QAAM,EAAC,SAAS,QAAA,IAAW,SAAA;AAC3B,eAAa,GAAG,QAAQ,OAAO;AAG/B,eAAa,KAAK,SAAS;AAC3B,SAAO;AACT;AAEA,eAAe,OAAO;AACpB,QAAM,EAAC,WAAU;AAAA,IACf;AAAA,MACE,QAAQ;AAAA,QACN,MAAM;AAAA,UACJ,MAAMA,OAAE,EAAS,SAAA;AAAA,UACjB,MAAM;AAAA,YACJ;AAAA,YACA;AAAA,UAAA;AAAA,UAEF,OAAO;AAAA,QAAA;AAAA,MACT;AAAA,MAEF,GAAG;AAAA,IAAA;AAAA,IAEL;AAAA,MACE,eAAe;AAAA;AAAA,MAEf,cAAc;AAAA;AAAA,IAAA;AAAA,EAChB;AAGF,QAAM,KAAK,iBAAiB,MAAM;AAElC,UAAQ,GAAG,sBAAsB,CAAA,WAAU;AACzC,OAAG,QAAQ,mCAAmC,MAAM;AACpD,OAAG,QAAQ,SAAS;AACpB,YAAQ,KAAK,EAAE;AAAA,EACjB,CAAC;AAGD,QAAM,EAAC,KAAK,qBAAA,IAAwB;AAAA,IAClC;AAAA,IACA;AAAA,MACE,eAAe;AAAA,MACf,cAAc;AAAA,MACd,iBAAiB;AAAA,IAAA;AAAA,EACnB;AAEF,QAAM,EAAC,KAAK,iBAAgB,qBAAqB,aAAa;AAAA,IAC5D,eAAe;AAAA,IACf,cAAc;AAAA,IACd,iBAAiB;AAAA,EAAA,CAClB;AAED,MAAI;AACJ,MAAI;AAGJ,UAAQ,GAAG,QAAQ,MAAM;AACvB,wBAAoB,KAAK,SAAS;AAClC,sBAAkB,KAAK,SAAS;AAAA,EAClC,CAAC;AAED,iBAAe,oBAAsC;AACnD,QAAI,OAAO,SAAS,SAAS,MAAM;AACjC,SAAG;AAAA,QACD,uCAAuC,OAAO,SAAS,IAAI;AAAA,MAAA;AAE7D,aAAO;AAAA,IACT;AACA,wBAAoB,mBAAmB,MAAM;AAC7C,UAAM,YAAY,kBAAkB;AACpC,yBAAqB;AAErB,OAAG,OAAO,WAAW,uBAAuB,GAAG;AAC/C,yBAAqB,MAAM,yBAAyB,IAAI;AAAA,MACtD,KAAK,EAAC,GAAG,QAAQ,KAAK,GAAG,qBAAA;AAAA,MACzB,OAAO;AAAA,MACP,OAAO;AAAA,IAAA,CACR;AAED,UAAM,EAAC,SAAS,MAAM,QAAA,IAAW,SAAA;AACjC,uBAAmB,GAAG,QAAQ,OAAO;AACrC,QAAK,MAAM,SAAU,GAAG;AACtB,SAAG,OAAO,GAAG,uBAAuB,0BAA0B;AAC9D,aAAO;AAAA,IACT;AACA,OAAG,QAAQ,qCAAqC,OAAO,OAAO,IAAI,GAAG;AACrE,WAAO;AAAA,EACT;AAEA,iBAAe,iBAAiB;AAC9B,sBAAkB,mBAAmB,MAAM;AAC3C,UAAM,YAAY,gBAAgB;AAClC,uBAAmB;AAEnB,OAAG;AAAA,MACD,WAAW,eAAe;AAAA;AAAA,oBAA6B,OAAO,IAAI;AAAA;AAAA,IAAA;AAEpE,UAAM,MAAyB;AAAA;AAAA;AAAA,MAG7B,CAAC,uBAAuB,GAAG;AAAA,MAC3B,CAAC,oBAAoB,GAAG;AAAA,MACxB,CAAC,yBAAyB,GAAG;AAAA;AAAA;AAAA,MAI7B,CAAC,UAAU,GAAG;AAAA;AAAA,MAGd,GAAG,QAAQ;AAAA,MACX,GAAG;AAAA,IAAA;AAEL,uBAAmB,MAAM,iBAAiB,IAAI;AAAA,MAC5C;AAAA,MACA,OAAO;A
AAA,MACP,OAAO;AAAA,IAAA,CACR;AACD,qBAAiB,GAAG,QAAQ,MAAM;AAChC,SAAG,QAAQ,GAAG,eAAe,mBAAmB;AAChD,cAAQ,KAAK,EAAE;AAAA,IACjB,CAAC;AAAA,EACH;AAEA,iBAAe,qCAAqC;AAClD,QAAI,MAAM,qBAAqB;AAC7B,YAAM,eAAA;AAAA,IACR;AAAA,EACF;AAEA,MAAI,OAAO,OAAO,MAAM;AACtB,UAAM,mCAAA;AAGN,UAAM,UAAU,MAAM,OAAO,OAAO,MAAM;AAAA,MACxC,eAAe;AAAA,MACf,kBAAkB,EAAC,oBAAoB,KAAK,cAAc,IAAA;AAAA,IAAG,CAC9D;AACD,UAAM,eAAe,YAAY;AAC/B,SAAG,OAAO,YAAY,OAAO,OAAO,IAAI,UAAU;AAClD,YAAM,kBAAA;AAAA,IACR;AACA,YAAQ,GAAG,OAAO,YAAY;AAC9B,YAAQ,GAAG,UAAU,YAAY;AACjC,YAAQ,GAAG,UAAU,YAAY;AAAA,EACnC,OAAO;AACL,UAAM,eAAA;AAAA,EACR;AACF;AAEA,KAAK,KAAA;"}
1
+ {"version":3,"file":"zero-cache-dev.js","sources":["../../../src/zero-cache-dev.ts"],"sourcesContent":["#!/usr/bin/env node\n\nimport '../../shared/src/dotenv.ts';\n\nimport {resolver} from '@rocicorp/resolver';\nimport {watch} from 'chokidar';\nimport {spawn, type ChildProcess} from 'node:child_process';\nimport {createLogContext} from '../../shared/src/logging.ts';\nimport {parseOptionsAdvanced} from '../../shared/src/options.ts';\nimport * as v from '../../shared/src/valita.ts';\nimport {\n ZERO_ENV_VAR_PREFIX,\n zeroOptions,\n} from '../../zero-cache/src/config/zero-config.ts';\nimport {deployPermissionsOptions} from '../../zero-cache/src/scripts/permissions.ts';\n\nconst deployPermissionsScript = 'zero-deploy-permissions';\nconst zeroCacheScript = 'zero-cache';\n\nfunction killProcess(childProcess: ChildProcess | undefined) {\n if (!childProcess || childProcess.exitCode !== null) {\n return Promise.resolve();\n }\n const {resolve, promise} = resolver();\n childProcess.on('exit', resolve);\n // Use SIGQUIT in particular since this will cause\n // a fast zero-cache shutdown instead of a graceful drain.\n childProcess.kill('SIGQUIT');\n return promise;\n}\n\nasync function main() {\n const {config} = parseOptionsAdvanced(\n {\n schema: {\n path: {\n type: v.string().optional(),\n desc: ['Relative path to the file containing permissions.'],\n alias: 'p',\n deprecated: [\n 'Permissions are deprecated and will be removed in an upcoming release. 
See: https://zero.rocicorp.dev/docs/auth.',\n ],\n },\n },\n ...zeroOptions,\n },\n {\n envNamePrefix: ZERO_ENV_VAR_PREFIX,\n // TODO: This may no longer be necessary since multi-tenant was removed.\n allowPartial: true, // required by server/runner/config.ts\n },\n );\n\n const lc = createLogContext(config);\n\n process.on('unhandledRejection', reason => {\n lc.error?.('Unexpected unhandled rejection.', reason);\n lc.error?.('Exiting');\n process.exit(-1);\n });\n\n // Parse options for each subprocess to get environment variables\n const {env: deployPermissionsEnv} = parseOptionsAdvanced(\n deployPermissionsOptions,\n {\n envNamePrefix: ZERO_ENV_VAR_PREFIX,\n allowUnknown: true,\n includeDefaults: false,\n },\n );\n const {env: zeroCacheEnv} = parseOptionsAdvanced(zeroOptions, {\n envNamePrefix: ZERO_ENV_VAR_PREFIX,\n allowUnknown: true,\n includeDefaults: false,\n });\n\n let permissionsProcess: ChildProcess | undefined;\n let zeroCacheProcess: ChildProcess | undefined;\n\n // Ensure child processes are killed when the main process exits\n process.on('exit', () => {\n permissionsProcess?.kill('SIGQUIT');\n zeroCacheProcess?.kill('SIGQUIT');\n });\n\n async function deployPermissions(): Promise<boolean> {\n if (config.upstream.type !== 'pg') {\n lc.warn?.(\n `Skipping permissions deployment for ${config.upstream.type} upstream`,\n );\n return true;\n }\n permissionsProcess?.removeAllListeners('exit');\n await killProcess(permissionsProcess);\n permissionsProcess = undefined;\n\n lc.info?.(`Running ${deployPermissionsScript}.`);\n permissionsProcess = spawn(deployPermissionsScript, [], {\n env: {...process.env, ...deployPermissionsEnv},\n stdio: 'inherit',\n shell: true,\n });\n\n const {promise: code, resolve} = resolver<number>();\n permissionsProcess.on('exit', resolve);\n if ((await code) === 0) {\n lc.info?.(`${deployPermissionsScript} completed successfully.`);\n return true;\n }\n lc.error?.(`Failed to deploy permissions from ${config.schema.path}.`);\n 
return false;\n }\n\n async function startZeroCache() {\n zeroCacheProcess?.removeAllListeners('exit');\n await killProcess(zeroCacheProcess);\n zeroCacheProcess = undefined;\n\n lc.info?.(\n `Running ${zeroCacheScript} at\\n\\n\\thttp://localhost:${config.port}\\n`,\n );\n const env: NodeJS.ProcessEnv = {\n // Set some low defaults so as to use fewer resources and not trip up,\n // e.g. developers sharing a database.\n ['ZERO_NUM_SYNC_WORKERS']: '3',\n ['ZERO_CVR_MAX_CONNS']: '6',\n ['ZERO_UPSTREAM_MAX_CONNS']: '6',\n\n // Default NODE_ENV to development mode.\n // @ts-ignore NODE_ENV is not always set. Please ignore error.\n ['NODE_ENV']: 'development',\n\n // But let the developer override any of these dev defaults.\n ...process.env,\n ...zeroCacheEnv,\n };\n zeroCacheProcess = spawn(zeroCacheScript, [], {\n env,\n stdio: 'inherit',\n shell: true,\n });\n zeroCacheProcess.on('exit', () => {\n lc.error?.(`${zeroCacheScript} exited. Exiting.`);\n process.exit(-1);\n });\n }\n\n async function deployPermissionsAndStartZeroCache() {\n if (await deployPermissions()) {\n await startZeroCache();\n }\n }\n\n if (config.schema.path) {\n if (config.query.url && config.mutate.url) {\n lc.error?.(\n 'Cannot use -p/--path/ZERO_SCHEMA_PATH flag when using ZERO_MUTATE_URL and ZERO_QUERY_URL.',\n );\n process.exit(-1);\n }\n\n await deployPermissionsAndStartZeroCache();\n\n // Watch for file changes\n const watcher = watch(config.schema.path, {\n ignoreInitial: true,\n awaitWriteFinish: {stabilityThreshold: 500, pollInterval: 100},\n });\n const onFileChange = async () => {\n lc.info?.(`Detected ${config.schema.path} change.`);\n await deployPermissions();\n };\n watcher.on('add', onFileChange);\n watcher.on('change', onFileChange);\n watcher.on('unlink', onFileChange);\n } else {\n await startZeroCache();\n }\n}\n\nvoid 
main();\n"],"names":["v.string"],"mappings":";;;;;;;;;;;AAgBA,MAAM,0BAA0B;AAChC,MAAM,kBAAkB;AAExB,SAAS,YAAY,cAAwC;AAC3D,MAAI,CAAC,gBAAgB,aAAa,aAAa,MAAM;AACnD,WAAO,QAAQ,QAAA;AAAA,EACjB;AACA,QAAM,EAAC,SAAS,QAAA,IAAW,SAAA;AAC3B,eAAa,GAAG,QAAQ,OAAO;AAG/B,eAAa,KAAK,SAAS;AAC3B,SAAO;AACT;AAEA,eAAe,OAAO;AACpB,QAAM,EAAC,WAAU;AAAA,IACf;AAAA,MACE,QAAQ;AAAA,QACN,MAAM;AAAA,UACJ,MAAMA,OAAE,EAAS,SAAA;AAAA,UACjB,MAAM,CAAC,mDAAmD;AAAA,UAC1D,OAAO;AAAA,UACP,YAAY;AAAA,YACV;AAAA,UAAA;AAAA,QACF;AAAA,MACF;AAAA,MAEF,GAAG;AAAA,IAAA;AAAA,IAEL;AAAA,MACE,eAAe;AAAA;AAAA,MAEf,cAAc;AAAA;AAAA,IAAA;AAAA,EAChB;AAGF,QAAM,KAAK,iBAAiB,MAAM;AAElC,UAAQ,GAAG,sBAAsB,CAAA,WAAU;AACzC,OAAG,QAAQ,mCAAmC,MAAM;AACpD,OAAG,QAAQ,SAAS;AACpB,YAAQ,KAAK,EAAE;AAAA,EACjB,CAAC;AAGD,QAAM,EAAC,KAAK,qBAAA,IAAwB;AAAA,IAClC;AAAA,IACA;AAAA,MACE,eAAe;AAAA,MACf,cAAc;AAAA,MACd,iBAAiB;AAAA,IAAA;AAAA,EACnB;AAEF,QAAM,EAAC,KAAK,iBAAgB,qBAAqB,aAAa;AAAA,IAC5D,eAAe;AAAA,IACf,cAAc;AAAA,IACd,iBAAiB;AAAA,EAAA,CAClB;AAED,MAAI;AACJ,MAAI;AAGJ,UAAQ,GAAG,QAAQ,MAAM;AACvB,wBAAoB,KAAK,SAAS;AAClC,sBAAkB,KAAK,SAAS;AAAA,EAClC,CAAC;AAED,iBAAe,oBAAsC;AACnD,QAAI,OAAO,SAAS,SAAS,MAAM;AACjC,SAAG;AAAA,QACD,uCAAuC,OAAO,SAAS,IAAI;AAAA,MAAA;AAE7D,aAAO;AAAA,IACT;AACA,wBAAoB,mBAAmB,MAAM;AAC7C,UAAM,YAAY,kBAAkB;AACpC,yBAAqB;AAErB,OAAG,OAAO,WAAW,uBAAuB,GAAG;AAC/C,yBAAqB,MAAM,yBAAyB,IAAI;AAAA,MACtD,KAAK,EAAC,GAAG,QAAQ,KAAK,GAAG,qBAAA;AAAA,MACzB,OAAO;AAAA,MACP,OAAO;AAAA,IAAA,CACR;AAED,UAAM,EAAC,SAAS,MAAM,QAAA,IAAW,SAAA;AACjC,uBAAmB,GAAG,QAAQ,OAAO;AACrC,QAAK,MAAM,SAAU,GAAG;AACtB,SAAG,OAAO,GAAG,uBAAuB,0BAA0B;AAC9D,aAAO;AAAA,IACT;AACA,OAAG,QAAQ,qCAAqC,OAAO,OAAO,IAAI,GAAG;AACrE,WAAO;AAAA,EACT;AAEA,iBAAe,iBAAiB;AAC9B,sBAAkB,mBAAmB,MAAM;AAC3C,UAAM,YAAY,gBAAgB;AAClC,uBAAmB;AAEnB,OAAG;AAAA,MACD,WAAW,eAAe;AAAA;AAAA,oBAA6B,OAAO,IAAI;AAAA;AAAA,IAAA;AAEpE,UAAM,MAAyB;AAAA;AAAA;AAAA,MAG7B,CAAC,uBAAuB,GAAG;AAAA,MAC3B,CAAC,oBAAoB,GAAG;AAAA,MACxB,CAAC,yBAAyB,GAAG;AAAA;AAAA;AAAA,MAI7B,CAAC,UAAU,GAAG;AAAA;AAAA,MAGd,GAAG,QAAQ;AAAA,MACX,GAAG;AAAA,IAAA;AAEL,uBAAmB,MAAM,iBAAiB,IAAI;AAAA,MAC5
C;AAAA,MACA,OAAO;AAAA,MACP,OAAO;AAAA,IAAA,CACR;AACD,qBAAiB,GAAG,QAAQ,MAAM;AAChC,SAAG,QAAQ,GAAG,eAAe,mBAAmB;AAChD,cAAQ,KAAK,EAAE;AAAA,IACjB,CAAC;AAAA,EACH;AAEA,iBAAe,qCAAqC;AAClD,QAAI,MAAM,qBAAqB;AAC7B,YAAM,eAAA;AAAA,IACR;AAAA,EACF;AAEA,MAAI,OAAO,OAAO,MAAM;AACtB,QAAI,OAAO,MAAM,OAAO,OAAO,OAAO,KAAK;AACzC,SAAG;AAAA,QACD;AAAA,MAAA;AAEF,cAAQ,KAAK,EAAE;AAAA,IACjB;AAEA,UAAM,mCAAA;AAGN,UAAM,UAAU,MAAM,OAAO,OAAO,MAAM;AAAA,MACxC,eAAe;AAAA,MACf,kBAAkB,EAAC,oBAAoB,KAAK,cAAc,IAAA;AAAA,IAAG,CAC9D;AACD,UAAM,eAAe,YAAY;AAC/B,SAAG,OAAO,YAAY,OAAO,OAAO,IAAI,UAAU;AAClD,YAAM,kBAAA;AAAA,IACR;AACA,YAAQ,GAAG,OAAO,YAAY;AAC9B,YAAQ,GAAG,UAAU,YAAY;AACjC,YAAQ,GAAG,UAAU,YAAY;AAAA,EACnC,OAAO;AACL,UAAM,eAAA;AAAA,EACR;AACF;AAEA,KAAK,KAAA;"}
@@ -9,27 +9,26 @@ import { relationships } from "../../zero-schema/src/builder/relationship-builde
9
9
  import { createSchema } from "../../zero-schema/src/builder/schema-builder.js";
10
10
  import { boolean, enumeration, json, number, string, table } from "../../zero-schema/src/builder/table-builder.js";
11
11
  import { ANYONE_CAN, ANYONE_CAN_DO_ANYTHING, NOBODY_CAN, definePermissions } from "../../zero-schema/src/permissions.js";
12
- import { applyChange } from "../../zql/src/ivm/view-apply-change.js";
13
12
  import { defineMutators, defineMutatorsWithType, getMutator, isMutatorRegistry, mustGetMutator } from "../../zql/src/mutate/mutator-registry.js";
14
13
  import { defineMutator, defineMutatorWithType, isMutator, isMutatorDefinition } from "../../zql/src/mutate/mutator.js";
15
14
  import { createBuilder } from "../../zql/src/query/create-builder.js";
16
15
  import { escapeLike } from "../../zql/src/query/escape-like.js";
17
16
  import { syncedQuery, syncedQueryWithContext, withValidation } from "../../zql/src/query/named.js";
18
- import { defineQueries, defineQueriesWithType, defineQuery, defineQueryWithType, getQuery, isQueryDefinition, mustGetQuery } from "../../zql/src/query/query-registry.js";
19
- import { bindingsForZero, registerZeroDelegate } from "../../zero-client/src/client/bindings.js";
17
+ import { defineQueries, defineQueriesWithType, defineQuery, defineQueryWithType, getQuery, isQuery, isQueryDefinition, isQueryRegistry, mustGetQuery } from "../../zql/src/query/query-registry.js";
18
+ import "../../zero-protocol/src/ast.js";
19
+ import * as connectionStatusEnum from "../../zero-client/src/client/connection-status-enum.js";
20
20
  import * as updateNeededReasonTypeEnum from "../../zero-client/src/client/update-needed-reason-type-enum.js";
21
21
  import { Zero } from "../../zero-client/src/client/zero.js";
22
22
  export {
23
23
  ANYONE_CAN,
24
24
  ANYONE_CAN_DO_ANYTHING,
25
25
  ApplicationError,
26
+ connectionStatusEnum as ConnectionStatus,
26
27
  IDBNotFoundError,
27
28
  NOBODY_CAN,
28
29
  TransactionClosedError,
29
30
  updateNeededReasonTypeEnum as UpdateNeededReasonType,
30
31
  Zero,
31
- applyChange,
32
- bindingsForZero,
33
32
  boolean,
34
33
  createBuilder,
35
34
  createSchema,
@@ -52,13 +51,14 @@ export {
52
51
  isMutator,
53
52
  isMutatorDefinition,
54
53
  isMutatorRegistry,
54
+ isQuery,
55
55
  isQueryDefinition,
56
+ isQueryRegistry,
56
57
  json,
57
58
  makeIDBName,
58
59
  mustGetMutator,
59
60
  mustGetQuery,
60
61
  number,
61
- registerZeroDelegate,
62
62
  relationships,
63
63
  string,
64
64
  syncedQuery,
@@ -1,7 +1,7 @@
1
+ import type { LogContext } from '@rocicorp/logger';
1
2
  import type { JWTPayload } from 'jose';
2
3
  import type { AST } from '../../../zero-protocol/src/ast.ts';
3
4
  import type { PermissionsConfig } from '../../../zero-schema/src/compiled-permissions.ts';
4
- import type { LogContext } from '@rocicorp/logger';
5
5
  export type TransformedAndHashed = {
6
6
  id: string;
7
7
  transformedAst: AST;
@@ -1 +1 @@
1
- {"version":3,"file":"read-authorizer.d.ts","sourceRoot":"","sources":["../../../../../zero-cache/src/auth/read-authorizer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,MAAM,CAAC;AAGrC,OAAO,KAAK,EAAC,GAAG,EAAY,MAAM,mCAAmC,CAAC;AACtE,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,kDAAkD,CAAC;AAExF,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAGjD,MAAM,MAAM,oBAAoB,GAAG;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,cAAc,EAAE,GAAG,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAAC;AACF;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CACnC,EAAE,EAAE,UAAU,EACd,EAAE,EAAE,MAAM,EACV,KAAK,EAAE,GAAG,EACV,eAAe,EAAE,iBAAiB,EAClC,QAAQ,EAAE,UAAU,GAAG,SAAS,EAChC,aAAa,EAAE,OAAO,GAAG,IAAI,GAAG,SAAS,GACxC,oBAAoB,CAStB;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,EAAE,EAAE,UAAU,EACd,KAAK,EAAE,GAAG,EACV,eAAe,EAAE,iBAAiB,EAClC,QAAQ,EAAE,UAAU,GAAG,SAAS,GAC/B,GAAG,CASL"}
1
+ {"version":3,"file":"read-authorizer.d.ts","sourceRoot":"","sources":["../../../../../zero-cache/src/auth/read-authorizer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AACjD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,MAAM,CAAC;AAErC,OAAO,KAAK,EAAC,GAAG,EAAY,MAAM,mCAAmC,CAAC;AAEtE,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,kDAAkD,CAAC;AAIxF,MAAM,MAAM,oBAAoB,GAAG;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,cAAc,EAAE,GAAG,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAAC;AACF;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CACnC,EAAE,EAAE,UAAU,EACd,EAAE,EAAE,MAAM,EACV,KAAK,EAAE,GAAG,EACV,eAAe,EAAE,iBAAiB,EAClC,QAAQ,EAAE,UAAU,GAAG,SAAS,EAChC,aAAa,EAAE,OAAO,GAAG,IAAI,GAAG,SAAS,GACxC,oBAAoB,CAStB;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,EAAE,EAAE,UAAU,EACd,KAAK,EAAE,GAAG,EACV,eAAe,EAAE,iBAAiB,EAClC,QAAQ,EAAE,UAAU,GAAG,SAAS,GAC/B,GAAG,CASL"}
@@ -20,7 +20,7 @@ function transformQuery(lc, query, permissionRules, authData) {
20
20
  });
21
21
  }
22
22
  function transformQueryInternal(lc, query, permissionRules) {
23
- let rowSelectRules = permissionRules.tables[query.table]?.row?.select;
23
+ let rowSelectRules = permissionRules?.tables?.[query.table]?.row?.select;
24
24
  if (!rowSelectRules || rowSelectRules.length === 0) {
25
25
  lc.warn?.(
26
26
  "No permission rules found for table '" + query.table + "'. No rows will be returned. Use ANYONE_CAN to allow all users to access all rows."
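Review bot: With the added optional chaining, an absent `permissionRules` object now falls into the same branch as a table that has no select rules, so the "No permission rules found for table … Use ANYONE_CAN" warning is logged even when no permissions were deployed at all. The read path stays fail-closed, at least if the fallback is still the empty `or` rule shown in the bundled source of the previous version, but the message then points the operator at the wrong fix. A separate branch such as `if (!permissionRules) lc.warn?.("No permissions configured; no rows will be returned.");` would distinguish the two cases, and a comment like `// deny by default: a missing config must never widen access` above the fallback would document the intent. If the TypeScript signature still declares `permissionRules: PermissionsConfig` as required, it should be widened to match what the code now tolerates. transformQueryInternal continues past the end of this hunk.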
@@ -1 +1 @@
1
- {"version":3,"file":"read-authorizer.js","sources":["../../../../../zero-cache/src/auth/read-authorizer.ts"],"sourcesContent":["import type {JWTPayload} from 'jose';\nimport type {JSONValue} from '../../../shared/src/json.ts';\nimport {hashOfAST} from '../../../zero-protocol/src/query-hash.ts';\nimport type {AST, Condition} from '../../../zero-protocol/src/ast.ts';\nimport type {PermissionsConfig} from '../../../zero-schema/src/compiled-permissions.ts';\nimport {bindStaticParameters} from '../../../zql/src/builder/builder.ts';\nimport type {LogContext} from '@rocicorp/logger';\nimport {simplifyCondition} from '../../../zql/src/query/expression.ts';\n\nexport type TransformedAndHashed = {\n id: string;\n transformedAst: AST;\n transformationHash: string;\n};\n/**\n * Adds permission rules to the given query so it only returns rows that the\n * user is allowed to read.\n *\n * If the returned query is `undefined` that means that user cannot run\n * the query at all. This is only the case if we can infer that all rows\n * would be excluded without running the query.\n * E.g., the user is trying to query a table that is not readable.\n */\nexport function transformAndHashQuery(\n lc: LogContext,\n id: string,\n query: AST,\n permissionRules: PermissionsConfig,\n authData: JWTPayload | undefined,\n internalQuery: boolean | null | undefined,\n): TransformedAndHashed {\n const transformed = internalQuery\n ? 
query // application permissions do not apply to internal queries\n : transformQuery(lc, query, permissionRules, authData);\n return {\n id,\n transformedAst: transformed,\n transformationHash: hashOfAST(transformed),\n };\n}\n\n/**\n * For a given AST, apply the read-auth rules and bind static auth data.\n */\nexport function transformQuery(\n lc: LogContext,\n query: AST,\n permissionRules: PermissionsConfig,\n authData: JWTPayload | undefined,\n): AST {\n const queryWithPermissions = transformQueryInternal(\n lc,\n query,\n permissionRules,\n );\n return bindStaticParameters(queryWithPermissions, {\n authData: authData as Record<string, JSONValue>,\n });\n}\n\nfunction transformQueryInternal(\n lc: LogContext,\n query: AST,\n permissionRules: PermissionsConfig,\n): AST {\n let rowSelectRules = permissionRules.tables[query.table]?.row?.select;\n\n if (!rowSelectRules || rowSelectRules.length === 0) {\n // If there are no rules, we default to not allowing any rows to be selected.\n lc.warn?.(\n \"No permission rules found for table '\" +\n query.table +\n \"'. No rows will be returned. Use ANYONE_CAN to allow all users to access all rows.\",\n );\n rowSelectRules = [\n [\n 'allow',\n {\n type: 'or',\n conditions: [],\n },\n ],\n ];\n }\n\n const updatedWhere = addRulesToWhere(\n query.where\n ? transformCondition(lc, query.where, permissionRules)\n : undefined,\n rowSelectRules,\n );\n return {\n ...query,\n where: simplifyCondition(updatedWhere),\n related: query.related?.map(sq => {\n const subquery = transformQueryInternal(lc, sq.subquery, permissionRules);\n return {\n ...sq,\n subquery,\n };\n }),\n };\n}\n\nfunction addRulesToWhere(\n where: Condition | undefined,\n rowSelectRules: ['allow', Condition][],\n): Condition {\n return {\n type: 'and',\n conditions: [\n ...(where ? 
[where] : []),\n {\n type: 'or',\n conditions: rowSelectRules.map(([_, condition]) => condition),\n },\n ],\n };\n}\n\n// We must augment conditions so we do not provide an oracle to users.\n// E.g.,\n// `issue.whereExists('secret', s => s.where('value', 'sdf'))`\n// Not applying read policies to subqueries in the where position\n// would allow users to infer the existence of rows, and their contents,\n// that they cannot read.\nfunction transformCondition(\n lc: LogContext,\n cond: Condition,\n auth: PermissionsConfig,\n): Condition {\n switch (cond.type) {\n case 'simple':\n return cond;\n case 'and':\n case 'or':\n return {\n ...cond,\n conditions: cond.conditions.map(c => transformCondition(lc, c, auth)),\n };\n case 'correlatedSubquery': {\n const query = transformQueryInternal(lc, cond.related.subquery, auth);\n return {\n ...cond,\n related: {\n ...cond.related,\n subquery: query,\n },\n };\n }\n }\n}\n"],"names":[],"mappings":";;;AAuBO,SAAS,sBACd,IACA,IACA,OACA,iBACA,UACA,eACsB;AACtB,QAAM,cAAc,gBAChB,QACA,eAAe,IAAI,OAAO,iBAAiB,QAAQ;AACvD,SAAO;AAAA,IACL;AAAA,IACA,gBAAgB;AAAA,IAChB,oBAAoB,UAAU,WAAW;AAAA,EAAA;AAE7C;AAKO,SAAS,eACd,IACA,OACA,iBACA,UACK;AACL,QAAM,uBAAuB;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAEF,SAAO,qBAAqB,sBAAsB;AAAA,IAChD;AAAA,EAAA,CACD;AACH;AAEA,SAAS,uBACP,IACA,OACA,iBACK;AACL,MAAI,iBAAiB,gBAAgB,OAAO,MAAM,KAAK,GAAG,KAAK;AAE/D,MAAI,CAAC,kBAAkB,eAAe,WAAW,GAAG;AAElD,OAAG;AAAA,MACD,0CACE,MAAM,QACN;AAAA,IAAA;AAEJ,qBAAiB;AAAA,MACf;AAAA,QACE;AAAA,QACA;AAAA,UACE,MAAM;AAAA,UACN,YAAY,CAAA;AAAA,QAAC;AAAA,MACf;AAAA,IACF;AAAA,EAEJ;AAEA,QAAM,eAAe;AAAA,IACnB,MAAM,QACF,mBAAmB,IAAI,MAAM,OAAO,eAAe,IACnD;AAAA,IACJ;AAAA,EAAA;AAEF,SAAO;AAAA,IACL,GAAG;AAAA,IACH,OAAO,kBAAkB,YAAY;AAAA,IACrC,SAAS,MAAM,SAAS,IAAI,CAAA,OAAM;AAChC,YAAM,WAAW,uBAAuB,IAAI,GAAG,UAAU,eAAe;AACxE,aAAO;AAAA,QACL,GAAG;AAAA,QACH;AAAA,MAAA;AAAA,IAEJ,CAAC;AAAA,EAAA;AAEL;AAEA,SAAS,gBACP,OACA,gBACW;AACX,SAAO;AAAA,IACL,MAAM;AAAA,IACN,YAAY;AAAA,MACV,GAAI,QAAQ,CAAC,KAAK,IAAI,CAAA;AAAA,MACtB;AAAA,QACE,M
AAM;AAAA,QACN,YAAY,eAAe,IAAI,CAAC,CAAC,GAAG,SAAS,MAAM,SAAS;AAAA,MAAA;AAAA,IAC9D;AAAA,EACF;AAEJ;AAQA,SAAS,mBACP,IACA,MACA,MACW;AACX,UAAQ,KAAK,MAAA;AAAA,IACX,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,QACL,GAAG;AAAA,QACH,YAAY,KAAK,WAAW,IAAI,OAAK,mBAAmB,IAAI,GAAG,IAAI,CAAC;AAAA,MAAA;AAAA,IAExE,KAAK,sBAAsB;AACzB,YAAM,QAAQ,uBAAuB,IAAI,KAAK,QAAQ,UAAU,IAAI;AACpE,aAAO;AAAA,QACL,GAAG;AAAA,QACH,SAAS;AAAA,UACP,GAAG,KAAK;AAAA,UACR,UAAU;AAAA,QAAA;AAAA,MACZ;AAAA,IAEJ;AAAA,EAAA;AAEJ;"}
1
+ {"version":3,"file":"read-authorizer.js","sources":["../../../../../zero-cache/src/auth/read-authorizer.ts"],"sourcesContent":["import type {LogContext} from '@rocicorp/logger';\nimport type {JWTPayload} from 'jose';\nimport type {JSONValue} from '../../../shared/src/json.ts';\nimport type {AST, Condition} from '../../../zero-protocol/src/ast.ts';\nimport {hashOfAST} from '../../../zero-protocol/src/query-hash.ts';\nimport type {PermissionsConfig} from '../../../zero-schema/src/compiled-permissions.ts';\nimport {bindStaticParameters} from '../../../zql/src/builder/builder.ts';\nimport {simplifyCondition} from '../../../zql/src/query/expression.ts';\n\nexport type TransformedAndHashed = {\n id: string;\n transformedAst: AST;\n transformationHash: string;\n};\n/**\n * Adds permission rules to the given query so it only returns rows that the\n * user is allowed to read.\n *\n * If the returned query is `undefined` that means that user cannot run\n * the query at all. This is only the case if we can infer that all rows\n * would be excluded without running the query.\n * E.g., the user is trying to query a table that is not readable.\n */\nexport function transformAndHashQuery(\n lc: LogContext,\n id: string,\n query: AST,\n permissionRules: PermissionsConfig,\n authData: JWTPayload | undefined,\n internalQuery: boolean | null | undefined,\n): TransformedAndHashed {\n const transformed = internalQuery\n ? 
query // application permissions do not apply to internal queries\n : transformQuery(lc, query, permissionRules, authData);\n return {\n id,\n transformedAst: transformed,\n transformationHash: hashOfAST(transformed),\n };\n}\n\n/**\n * For a given AST, apply the read-auth rules and bind static auth data.\n */\nexport function transformQuery(\n lc: LogContext,\n query: AST,\n permissionRules: PermissionsConfig,\n authData: JWTPayload | undefined,\n): AST {\n const queryWithPermissions = transformQueryInternal(\n lc,\n query,\n permissionRules,\n );\n return bindStaticParameters(queryWithPermissions, {\n authData: authData as Record<string, JSONValue>,\n });\n}\n\nfunction transformQueryInternal(\n lc: LogContext,\n query: AST,\n permissionRules: PermissionsConfig,\n): AST {\n let rowSelectRules = permissionRules?.tables?.[query.table]?.row?.select;\n\n if (!rowSelectRules || rowSelectRules.length === 0) {\n // If there are no rules, we default to not allowing any rows to be selected.\n lc.warn?.(\n \"No permission rules found for table '\" +\n query.table +\n \"'. No rows will be returned. Use ANYONE_CAN to allow all users to access all rows.\",\n );\n rowSelectRules = [\n [\n 'allow',\n {\n type: 'or',\n conditions: [],\n },\n ],\n ];\n }\n\n const updatedWhere = addRulesToWhere(\n query.where\n ? transformCondition(lc, query.where, permissionRules)\n : undefined,\n rowSelectRules,\n );\n return {\n ...query,\n where: simplifyCondition(updatedWhere),\n related: query.related?.map(sq => {\n const subquery = transformQueryInternal(lc, sq.subquery, permissionRules);\n return {\n ...sq,\n subquery,\n };\n }),\n };\n}\n\nfunction addRulesToWhere(\n where: Condition | undefined,\n rowSelectRules: ['allow', Condition][],\n): Condition {\n return {\n type: 'and',\n conditions: [\n ...(where ? 
[where] : []),\n {\n type: 'or',\n conditions: rowSelectRules.map(([_, condition]) => condition),\n },\n ],\n };\n}\n\n// We must augment conditions so we do not provide an oracle to users.\n// E.g.,\n// `issue.whereExists('secret', s => s.where('value', 'sdf'))`\n// Not applying read policies to subqueries in the where position\n// would allow users to infer the existence of rows, and their contents,\n// that they cannot read.\nfunction transformCondition(\n lc: LogContext,\n cond: Condition,\n auth: PermissionsConfig,\n): Condition {\n switch (cond.type) {\n case 'simple':\n return cond;\n case 'and':\n case 'or':\n return {\n ...cond,\n conditions: cond.conditions.map(c => transformCondition(lc, c, auth)),\n };\n case 'correlatedSubquery': {\n const query = transformQueryInternal(lc, cond.related.subquery, auth);\n return {\n ...cond,\n related: {\n ...cond.related,\n subquery: query,\n },\n };\n }\n }\n}\n"],"names":[],"mappings":";;;AAuBO,SAAS,sBACd,IACA,IACA,OACA,iBACA,UACA,eACsB;AACtB,QAAM,cAAc,gBAChB,QACA,eAAe,IAAI,OAAO,iBAAiB,QAAQ;AACvD,SAAO;AAAA,IACL;AAAA,IACA,gBAAgB;AAAA,IAChB,oBAAoB,UAAU,WAAW;AAAA,EAAA;AAE7C;AAKO,SAAS,eACd,IACA,OACA,iBACA,UACK;AACL,QAAM,uBAAuB;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAEF,SAAO,qBAAqB,sBAAsB;AAAA,IAChD;AAAA,EAAA,CACD;AACH;AAEA,SAAS,uBACP,IACA,OACA,iBACK;AACL,MAAI,iBAAiB,iBAAiB,SAAS,MAAM,KAAK,GAAG,KAAK;AAElE,MAAI,CAAC,kBAAkB,eAAe,WAAW,GAAG;AAElD,OAAG;AAAA,MACD,0CACE,MAAM,QACN;AAAA,IAAA;AAEJ,qBAAiB;AAAA,MACf;AAAA,QACE;AAAA,QACA;AAAA,UACE,MAAM;AAAA,UACN,YAAY,CAAA;AAAA,QAAC;AAAA,MACf;AAAA,IACF;AAAA,EAEJ;AAEA,QAAM,eAAe;AAAA,IACnB,MAAM,QACF,mBAAmB,IAAI,MAAM,OAAO,eAAe,IACnD;AAAA,IACJ;AAAA,EAAA;AAEF,SAAO;AAAA,IACL,GAAG;AAAA,IACH,OAAO,kBAAkB,YAAY;AAAA,IACrC,SAAS,MAAM,SAAS,IAAI,CAAA,OAAM;AAChC,YAAM,WAAW,uBAAuB,IAAI,GAAG,UAAU,eAAe;AACxE,aAAO;AAAA,QACL,GAAG;AAAA,QACH;AAAA,MAAA;AAAA,IAEJ,CAAC;AAAA,EAAA;AAEL;AAEA,SAAS,gBACP,OACA,gBACW;AACX,SAAO;AAAA,IACL,MAAM;AAAA,IACN,YAAY;AAAA,MACV,GAAI,QAAQ,CAAC,KAAK,IAAI,CAAA;AAAA,MACtB;AAAA,QACE,M
AAM;AAAA,QACN,YAAY,eAAe,IAAI,CAAC,CAAC,GAAG,SAAS,MAAM,SAAS;AAAA,MAAA;AAAA,IAC9D;AAAA,EACF;AAEJ;AAQA,SAAS,mBACP,IACA,MACA,MACW;AACX,UAAQ,KAAK,MAAA;AAAA,IACX,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,QACL,GAAG;AAAA,QACH,YAAY,KAAK,WAAW,IAAI,OAAK,mBAAmB,IAAI,GAAG,IAAI,CAAC;AAAA,MAAA;AAAA,IAExE,KAAK,sBAAsB;AACzB,YAAM,QAAQ,uBAAuB,IAAI,KAAK,QAAQ,UAAU,IAAI;AACpE,aAAO;AAAA,QACL,GAAG;AAAA,QACH,SAAS;AAAA,UACP,GAAG,KAAK;AAAA,UACR,UAAU;AAAA,QAAA;AAAA,MACZ;AAAA,IAEJ;AAAA,EAAA;AAEJ;"}
@@ -1 +1 @@
1
- {"version":3,"file":"write-authorizer.d.ts","sourceRoot":"","sources":["../../../../../zero-cache/src/auth/write-authorizer.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AACjD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,MAAM,CAAC;AAUrC,OAAO,KAAK,EACV,MAAM,EAIN,QAAQ,EACT,MAAM,oCAAoC,CAAC;AAc5C,OAAO,KAAK,EACV,eAAe,EAEhB,MAAM,yCAAyC,CAAC;AACjD,OAAO,KAAK,EAAC,QAAQ,EAAC,MAAM,2BAA2B,CAAC;AAMxD,OAAO,KAAK,EAAY,UAAU,EAAC,MAAM,0BAA0B,CAAC;AAapE,MAAM,WAAW,eAAe;IAC9B,cAAc,CACZ,QAAQ,EAAE,UAAU,GAAG,SAAS,EAChC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,GAC/B,OAAO,CAAC,OAAO,CAAC,CAAC;IACpB,eAAe,CACb,QAAQ,EAAE,UAAU,GAAG,SAAS,EAChC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,GAC/B,OAAO,CAAC,OAAO,CAAC,CAAC;IACpB,iBAAiB,IAAI,IAAI,CAAC;IAC1B,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC;CAC1D;AAED,qBAAa,mBAAoB,YAAW,eAAe;;gBAevD,EAAE,EAAE,UAAU,EACd,MAAM,EAAE,UAAU,EAClB,OAAO,EAAE,QAAQ,EACjB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,iBAAiB,EAAE,eAAe;IAqBpC,iBAAiB;IASjB,OAAO;IAID,cAAc,CAClB,QAAQ,EAAE,UAAU,GAAG,SAAS,EAChC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE;IAsB5B,eAAe,CACnB,QAAQ,EAAE,UAAU,GAAG,SAAS,EAChC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE;IA6DlC,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE;CA4UzD"}
1
+ {"version":3,"file":"write-authorizer.d.ts","sourceRoot":"","sources":["../../../../../zero-cache/src/auth/write-authorizer.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AACjD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,MAAM,CAAC;AAUrC,OAAO,KAAK,EACV,MAAM,EAIN,QAAQ,EACT,MAAM,oCAAoC,CAAC;AAa5C,OAAO,KAAK,EAEV,eAAe,EAChB,MAAM,yCAAyC,CAAC;AACjD,OAAO,KAAK,EAAC,QAAQ,EAAC,MAAM,2BAA2B,CAAC;AAMxD,OAAO,KAAK,EAAY,UAAU,EAAC,MAAM,0BAA0B,CAAC;AAapE,MAAM,WAAW,eAAe;IAC9B,cAAc,CACZ,QAAQ,EAAE,UAAU,GAAG,SAAS,EAChC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,GAC/B,OAAO,CAAC,OAAO,CAAC,CAAC;IACpB,eAAe,CACb,QAAQ,EAAE,UAAU,GAAG,SAAS,EAChC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,GAC/B,OAAO,CAAC,OAAO,CAAC,CAAC;IACpB,iBAAiB,IAAI,IAAI,CAAC;IAC1B,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC;CAC1D;AAED,qBAAa,mBAAoB,YAAW,eAAe;;gBAevD,EAAE,EAAE,UAAU,EACd,MAAM,EAAE,UAAU,EAClB,OAAO,EAAE,QAAQ,EACjB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,iBAAiB,EAAE,eAAe;IAqBpC,iBAAiB;IASjB,OAAO;IAID,cAAc,CAClB,QAAQ,EAAE,UAAU,GAAG,SAAS,EAChC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE;IAsB5B,eAAe,CACnB,QAAQ,EAAE,UAAU,GAAG,SAAS,EAChC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE;IAmElC,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE;CA4UzD"}
@@ -3,8 +3,10 @@ import { must } from "../../../shared/src/must.js";
3
3
  import { parse } from "../../../shared/src/valita.js";
4
4
  import { primaryKeyValueSchema } from "../../../zero-protocol/src/primary-key.js";
5
5
  import { bindStaticParameters, buildPipeline } from "../../../zql/src/builder/builder.js";
6
+ import { consume } from "../../../zql/src/ivm/stream.js";
6
7
  import { simplifyCondition } from "../../../zql/src/query/expression.js";
7
- import { staticQuery, asStaticQuery } from "../../../zql/src/query/static-query.js";
8
+ import { asQueryInternals } from "../../../zql/src/query/query-internals.js";
9
+ import { newStaticQuery } from "../../../zql/src/query/static-query.js";
8
10
  import { sql, compile } from "../../../zqlite/src/internal/sql.js";
9
11
  import { TableSource, fromSQLiteTypes } from "../../../zqlite/src/table-source.js";
10
12
  import { computeZqlSpecs } from "../db/lite-tables.js";
@@ -80,10 +82,12 @@ class WriteAuthorizerImpl {
80
82
  const source = this.#getSource(op.tableName);
81
83
  switch (op.op) {
82
84
  case "insert": {
83
- source.push({
84
- type: "add",
85
- row: op.value
86
- });
85
+ consume(
86
+ source.push({
87
+ type: "add",
88
+ row: op.value
89
+ })
90
+ );
87
91
  break;
88
92
  }
89
93
  // TODO(mlaw): what if someone updates the same thing twice?
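Review bot: Each `source.push(...)` in this switch now has to be wrapped in `consume(...)`, here for `insert` and again for `update` and `delete` in the next hunk, and nothing stops a future call site from leaving the wrapper off. If `push` returns a lazy stream, as the new import from `ivm/stream.js` suggests, an undrained push would presumably leave the source unchanged, and the post-mutation policy would then be evaluated against rows that do not reflect the write. A private helper such as `#applyChange(source, change) { consume(source.push(change)); }` would keep the drain in one place, with a comment saying why the result must be consumed. The enclosing method starts before this hunk and continues after it.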
@@ -92,18 +96,22 @@ class WriteAuthorizerImpl {
92
96
  // next requirePreMutationRow will just return the row that was
93
97
  // pushed in.
94
98
  case "update": {
95
- source.push({
96
- type: "edit",
97
- oldRow: this.#requirePreMutationRow(op),
98
- row: op.value
99
- });
99
+ consume(
100
+ source.push({
101
+ type: "edit",
102
+ oldRow: this.#requirePreMutationRow(op),
103
+ row: op.value
104
+ })
105
+ );
100
106
  break;
101
107
  }
102
108
  case "delete": {
103
- source.push({
104
- type: "remove",
105
- row: this.#requirePreMutationRow(op)
106
- });
109
+ consume(
110
+ source.push({
111
+ type: "remove",
112
+ row: this.#requirePreMutationRow(op)
113
+ })
114
+ );
107
115
  break;
108
116
  }
109
117
  }
@@ -240,9 +248,9 @@ class WriteAuthorizerImpl {
240
248
  * All steps must allow for the operation to be allowed.
241
249
  */
242
250
  async #canDo(phase, action, authData, op) {
243
- const rules = must(this.#loadedPermissions).permissions?.tables[op.tableName];
251
+ const rules = must(this.#loadedPermissions)?.permissions?.tables?.[op.tableName];
244
252
  const rowPolicies = rules?.row;
245
- let rowQuery = staticQuery(this.#schema, op.tableName);
253
+ let rowQuery = newStaticQuery(this.#schema, op.tableName);
246
254
  const primaryKeyValues = this.#getPrimaryKey(op.tableName, op.value);
247
255
  for (const pk in primaryKeyValues) {
248
256
  rowQuery = rowQuery.where(pk, "=", primaryKeyValues[pk]);
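Review bot: In `#canDo`, the new `?.` chain lets `rules` become `undefined` when `permissions` or `tables` is absent, and what the method does with an undefined `rowPolicies` lies outside this hunk. For a write check it is worth confirming that this path denies, and saying so at the lookup: `// rules is undefined when no permissions are loaded or the table has no entry; the checks below must deny in that case`. The `?.` placed directly after `must(...)` looks redundant if `must` throws on null or undefined, as its name suggests; `must(this.#loadedPermissions).permissions?.tables?.[op.tableName]` would express the same lookup.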
@@ -375,7 +383,7 @@ class WriteAuthorizerImpl {
375
383
  if (policy.length === 0) {
376
384
  return false;
377
385
  }
378
- let rowQueryAst = asStaticQuery(rowQuery).ast;
386
+ let rowQueryAst = asQueryInternals(rowQuery).ast;
379
387
  rowQueryAst = bindStaticParameters(
380
388
  {
381
389
  ...rowQueryAst,
@@ -1 +1 @@
1
- {"version":3,"file":"write-authorizer.js","sources":["../../../../../zero-cache/src/auth/write-authorizer.ts"],"sourcesContent":["import type {SQLQuery} from '@databases/sql';\nimport type {MaybePromise} from '@opentelemetry/resources';\nimport type {LogContext} from '@rocicorp/logger';\nimport type {JWTPayload} from 'jose';\nimport {assert} from '../../../shared/src/asserts.ts';\nimport type {JSONValue, ReadonlyJSONValue} from '../../../shared/src/json.ts';\nimport {must} from '../../../shared/src/must.ts';\nimport * as v from '../../../shared/src/valita.ts';\nimport type {Condition} from '../../../zero-protocol/src/ast.ts';\nimport {\n primaryKeyValueSchema,\n type PrimaryKeyValue,\n} from '../../../zero-protocol/src/primary-key.ts';\nimport type {\n CRUDOp,\n DeleteOp,\n InsertOp,\n UpdateOp,\n UpsertOp,\n} from '../../../zero-protocol/src/push.ts';\nimport type {Policy} from '../../../zero-schema/src/compiled-permissions.ts';\nimport type {Schema} from '../../../zero-types/src/schema.ts';\nimport type {BuilderDelegate} from '../../../zql/src/builder/builder.ts';\nimport {\n bindStaticParameters,\n buildPipeline,\n} from '../../../zql/src/builder/builder.ts';\nimport {simplifyCondition} from '../../../zql/src/query/expression.ts';\nimport type {Query} from '../../../zql/src/query/query.ts';\nimport {\n asStaticQuery,\n staticQuery,\n} from '../../../zql/src/query/static-query.ts';\nimport type {\n DatabaseStorage,\n ClientGroupStorage,\n} from '../../../zqlite/src/database-storage.ts';\nimport type {Database} from '../../../zqlite/src/db.ts';\nimport {compile, sql} from '../../../zqlite/src/internal/sql.ts';\nimport {\n fromSQLiteTypes,\n TableSource,\n} from '../../../zqlite/src/table-source.ts';\nimport type {LogConfig, ZeroConfig} from '../config/zero-config.ts';\nimport {computeZqlSpecs} from '../db/lite-tables.ts';\nimport type {LiteAndZqlSpec} from '../db/specs.ts';\nimport {StatementRunner} from '../db/statements.ts';\nimport 
{mapLiteDataTypeToZqlSchemaValue} from '../types/lite.ts';\nimport {\n getSchema,\n reloadPermissionsIfChanged,\n type LoadedPermissions,\n} from './load-permissions.ts';\n\ntype Phase = 'preMutation' | 'postMutation';\n\nexport interface WriteAuthorizer {\n canPreMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ): Promise<boolean>;\n canPostMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ): Promise<boolean>;\n reloadPermissions(): void;\n normalizeOps(ops: CRUDOp[]): Exclude<CRUDOp, UpsertOp>[];\n}\n\nexport class WriteAuthorizerImpl implements WriteAuthorizer {\n readonly #schema: Schema;\n readonly #replica: Database;\n readonly #builderDelegate: BuilderDelegate;\n readonly #tableSpecs: Map<string, LiteAndZqlSpec>;\n readonly #tables = new Map<string, TableSource>();\n readonly #statementRunner: StatementRunner;\n readonly #lc: LogContext;\n readonly #appID: string;\n readonly #logConfig: LogConfig;\n readonly #cgStorage: ClientGroupStorage;\n\n #loadedPermissions: LoadedPermissions | null = null;\n\n constructor(\n lc: LogContext,\n config: ZeroConfig,\n replica: Database,\n appID: string,\n cgID: string,\n writeAuthzStorage: DatabaseStorage,\n ) {\n this.#appID = appID;\n this.#lc = lc.withContext('class', 'WriteAuthorizerImpl');\n this.#logConfig = config.log;\n this.#schema = getSchema(this.#lc, replica);\n this.#replica = replica;\n this.#cgStorage = writeAuthzStorage.createClientGroupStorage(cgID);\n this.#builderDelegate = {\n getSource: name => this.#getSource(name),\n createStorage: () => this.#cgStorage.createStorage(),\n decorateSourceInput: input => input,\n decorateInput: input => input,\n addEdge() {},\n decorateFilterInput: input => input,\n };\n this.#tableSpecs = computeZqlSpecs(this.#lc, replica);\n this.#statementRunner = new StatementRunner(replica);\n this.reloadPermissions();\n }\n\n reloadPermissions() {\n this.#loadedPermissions = reloadPermissionsIfChanged(\n 
this.#lc,\n this.#statementRunner,\n this.#appID,\n this.#loadedPermissions,\n ).permissions;\n }\n\n destroy() {\n this.#cgStorage.destroy();\n }\n\n async canPreMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ) {\n for (const op of ops) {\n switch (op.op) {\n case 'insert':\n // insert does not run pre-mutation checks\n break;\n case 'update':\n if (!(await this.#canUpdate('preMutation', authData, op))) {\n return false;\n }\n break;\n case 'delete':\n if (!(await this.#canDelete('preMutation', authData, op))) {\n return false;\n }\n break;\n }\n }\n return true;\n }\n\n async canPostMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ) {\n this.#statementRunner.beginConcurrent();\n try {\n for (const op of ops) {\n const source = this.#getSource(op.tableName);\n switch (op.op) {\n case 'insert': {\n source.push({\n type: 'add',\n row: op.value,\n });\n break;\n }\n // TODO(mlaw): what if someone updates the same thing twice?\n // TODO(aa): It seems like it will just work? 
source.push()\n // is going to push the row into the table source, and then the\n // next requirePreMutationRow will just return the row that was\n // pushed in.\n case 'update': {\n source.push({\n type: 'edit',\n oldRow: this.#requirePreMutationRow(op),\n row: op.value,\n });\n break;\n }\n case 'delete': {\n source.push({\n type: 'remove',\n row: this.#requirePreMutationRow(op),\n });\n break;\n }\n }\n }\n\n for (const op of ops) {\n switch (op.op) {\n case 'insert':\n if (!(await this.#canInsert('postMutation', authData, op))) {\n return false;\n }\n break;\n case 'update':\n if (!(await this.#canUpdate('postMutation', authData, op))) {\n return false;\n }\n break;\n case 'delete':\n // delete does not run post-mutation checks.\n break;\n }\n }\n } finally {\n this.#statementRunner.rollback();\n }\n\n return true;\n }\n\n normalizeOps(ops: CRUDOp[]): Exclude<CRUDOp, UpsertOp>[] {\n return ops.map(op => {\n if (op.op === 'upsert') {\n const preMutationRow = this.#getPreMutationRow(op);\n if (preMutationRow) {\n return {\n op: 'update',\n tableName: op.tableName,\n primaryKey: op.primaryKey,\n value: op.value,\n };\n }\n return {\n op: 'insert',\n tableName: op.tableName,\n primaryKey: op.primaryKey,\n value: op.value,\n };\n }\n return op;\n });\n }\n\n #canInsert(phase: Phase, authData: JWTPayload | undefined, op: InsertOp) {\n return this.#timedCanDo(phase, 'insert', authData, op);\n }\n\n #canUpdate(phase: Phase, authData: JWTPayload | undefined, op: UpdateOp) {\n return this.#timedCanDo(phase, 'update', authData, op);\n }\n\n #canDelete(phase: Phase, authData: JWTPayload | undefined, op: DeleteOp) {\n return this.#timedCanDo(phase, 'delete', authData, op);\n }\n\n /**\n * Gets schema-defined primary key and validates that operation contains required PK values.\n *\n * @returns Record where keys are column names and values are client-provided values\n * @throws Error if operation value is missing required primary key columns\n */\n #getPrimaryKey(\n 
tableName: string,\n opValue: Record<string, ReadonlyJSONValue | undefined>,\n ): Record<string, ReadonlyJSONValue> {\n const tableSpec = this.#tableSpecs.get(tableName);\n if (!tableSpec) {\n throw new Error(`Table ${tableName} not found`);\n }\n const columns = tableSpec.tableSpec.primaryKey;\n\n // Extract primary key values from operation value and validate they exist\n const values: Record<string, ReadonlyJSONValue> = {};\n for (const col of columns) {\n const val = opValue[col];\n if (val === undefined) {\n throw new Error(\n `Primary key column '${col}' is missing from operation value for table ${tableName}`,\n );\n }\n values[col] = val;\n }\n\n return values;\n }\n\n #getSource(tableName: string) {\n let source = this.#tables.get(tableName);\n if (source) {\n return source;\n }\n const tableSpec = this.#tableSpecs.get(tableName);\n if (!tableSpec) {\n throw new Error(`Table ${tableName} not found`);\n }\n const {columns, primaryKey} = tableSpec.tableSpec;\n assert(primaryKey.length);\n source = new TableSource(\n this.#lc,\n this.#logConfig,\n this.#replica,\n tableName,\n Object.fromEntries(\n Object.entries(columns).map(([name, {dataType}]) => [\n name,\n mapLiteDataTypeToZqlSchemaValue(dataType),\n ]),\n ),\n [primaryKey[0], ...primaryKey.slice(1)],\n );\n this.#tables.set(tableName, source);\n\n return source;\n }\n\n async #timedCanDo<A extends keyof ActionOpMap>(\n phase: Phase,\n action: A,\n authData: JWTPayload | undefined,\n op: ActionOpMap[A],\n ) {\n const start = performance.now();\n try {\n const ret = await this.#canDo(phase, action, authData, op);\n return ret;\n } finally {\n this.#lc.info?.(\n 'action:',\n action,\n 'duration:',\n performance.now() - start,\n 'tableName:',\n op.tableName,\n 'primaryKey:',\n op.primaryKey,\n );\n }\n }\n\n /**\n * Evaluation order is from static to dynamic, broad to specific.\n * table -> column -> row -> cell.\n *\n * If any step fails, the entire operation is denied.\n *\n * That is, table rules 
supersede column rules, which supersede row rules,\n *\n * All steps must allow for the operation to be allowed.\n */\n async #canDo<A extends keyof ActionOpMap>(\n phase: Phase,\n action: A,\n authData: JWTPayload | undefined,\n op: ActionOpMap[A],\n ) {\n const rules = must(this.#loadedPermissions).permissions?.tables[\n op.tableName\n ];\n const rowPolicies = rules?.row;\n let rowQuery = staticQuery(this.#schema, op.tableName);\n\n const primaryKeyValues = this.#getPrimaryKey(op.tableName, op.value);\n\n for (const pk in primaryKeyValues) {\n rowQuery = rowQuery.where(pk, '=', primaryKeyValues[pk]);\n }\n\n let applicableRowPolicy: Policy | undefined;\n switch (action) {\n case 'insert':\n if (phase === 'postMutation') {\n applicableRowPolicy = rowPolicies?.insert;\n }\n break;\n case 'update':\n if (phase === 'preMutation') {\n applicableRowPolicy = rowPolicies?.update?.preMutation;\n } else if (phase === 'postMutation') {\n applicableRowPolicy = rowPolicies?.update?.postMutation;\n }\n break;\n case 'delete':\n if (phase === 'preMutation') {\n applicableRowPolicy = rowPolicies?.delete;\n }\n break;\n }\n\n const cellPolicies = rules?.cell;\n const applicableCellPolicies: Policy[] = [];\n if (cellPolicies) {\n for (const [column, policy] of Object.entries(cellPolicies)) {\n if (action === 'update' && op.value[column] === undefined) {\n // If the cell is not being updated, we do not need to check\n // the cell rules.\n continue;\n }\n switch (action) {\n case 'insert':\n if (policy.insert && phase === 'postMutation') {\n applicableCellPolicies.push(policy.insert);\n }\n break;\n case 'update':\n if (phase === 'preMutation' && policy.update?.preMutation) {\n applicableCellPolicies.push(policy.update.preMutation);\n }\n if (phase === 'postMutation' && policy.update?.postMutation) {\n applicableCellPolicies.push(policy.update.postMutation);\n }\n break;\n case 'delete':\n if (policy.delete && phase === 'preMutation') {\n 
applicableCellPolicies.push(policy.delete);\n }\n break;\n }\n }\n }\n\n if (\n !(await this.#passesPolicyGroup(\n applicableRowPolicy,\n applicableCellPolicies,\n authData,\n rowQuery,\n ))\n ) {\n this.#lc.warn?.(\n `Permission check failed for ${JSON.stringify(\n op,\n )}, action ${action}, phase ${phase}, authData: ${JSON.stringify(\n authData,\n )}, rowPolicies: ${JSON.stringify(\n applicableRowPolicy,\n )}, cellPolicies: ${JSON.stringify(applicableCellPolicies)}`,\n );\n return false;\n }\n\n return true;\n }\n\n #getPreMutationRow(op: UpsertOp | UpdateOp | DeleteOp) {\n const {value} = op;\n\n const primaryKeyValues = this.#getPrimaryKey(op.tableName, value);\n\n const spec = this.#tableSpecs.get(op.tableName);\n if (!spec) {\n throw new Error(`Table ${op.tableName} not found`);\n }\n\n const conditions: SQLQuery[] = [];\n const values: PrimaryKeyValue[] = [];\n for (const pk in primaryKeyValues) {\n conditions.push(sql`${sql.ident(pk)}=?`);\n values.push(v.parse(primaryKeyValues[pk], primaryKeyValueSchema));\n }\n\n const ret = this.#statementRunner.get(\n compile(\n sql`SELECT ${sql.join(\n Object.keys(spec.zqlSpec).map(c => sql.ident(c)),\n sql`,`,\n )} FROM ${sql.ident(op.tableName)} WHERE ${sql.join(\n conditions,\n sql` AND `,\n )}`,\n ),\n ...values,\n );\n if (ret === undefined) {\n return ret;\n }\n return fromSQLiteTypes(spec.zqlSpec, ret, op.tableName);\n }\n\n #requirePreMutationRow(op: UpdateOp | DeleteOp) {\n const ret = this.#getPreMutationRow(op);\n assert(\n ret !== undefined,\n () => `Pre-mutation row not found for ${JSON.stringify(op.value)}`,\n );\n return ret;\n }\n\n async #passesPolicyGroup(\n applicableRowPolicy: Policy | undefined,\n applicableCellPolicies: Policy[],\n authData: JWTPayload | undefined,\n rowQuery: Query<Schema, string>,\n ) {\n if (!(await this.#passesPolicy(applicableRowPolicy, authData, rowQuery))) {\n return false;\n }\n\n for (const policy of applicableCellPolicies) {\n if (!(await this.#passesPolicy(policy, 
authData, rowQuery))) {\n return false;\n }\n }\n\n return true;\n }\n\n /**\n * Defaults to *false* if the policy is empty. At least one rule has to pass\n * for the policy to pass.\n */\n #passesPolicy(\n policy: Policy | undefined,\n authData: JWTPayload | undefined,\n rowQuery: Query<Schema, string>,\n ): MaybePromise<boolean> {\n if (policy === undefined) {\n return false;\n }\n if (policy.length === 0) {\n return false;\n }\n let rowQueryAst = asStaticQuery(rowQuery).ast;\n rowQueryAst = bindStaticParameters(\n {\n ...rowQueryAst,\n where: updateWhere(rowQueryAst.where, policy),\n },\n {\n authData: authData as Record<string, JSONValue>,\n preMutationRow: undefined,\n },\n );\n\n // call the compiler directly\n // run the sql against upstream.\n // remove the collecting into json? just need to know if a row comes back.\n\n const input = buildPipeline(rowQueryAst, this.#builderDelegate, 'query-id');\n try {\n const res = input.fetch({});\n for (const _ of res) {\n // if any row is returned at all, the\n // rule passes.\n return true;\n }\n } finally {\n input.destroy();\n }\n\n // no rows returned by any rules? 
The policy fails.\n return false;\n }\n}\n\nfunction updateWhere(where: Condition | undefined, policy: Policy) {\n assert(where, 'A where condition must exist for RowQuery');\n\n return simplifyCondition({\n type: 'and',\n conditions: [\n where,\n {\n type: 'or',\n conditions: policy.map(([action, rule]) => {\n assert(action);\n return rule;\n }),\n },\n ],\n });\n}\n\ntype ActionOpMap = {\n insert: InsertOp;\n update: UpdateOp;\n delete: DeleteOp;\n};\n"],"names":["v.parse"],"mappings":";;;;;;;;;;;;;AAqEO,MAAM,oBAA+C;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,8BAAc,IAAA;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAET,qBAA+C;AAAA,EAE/C,YACE,IACA,QACA,SACA,OACA,MACA,mBACA;AACA,SAAK,SAAS;AACd,SAAK,MAAM,GAAG,YAAY,SAAS,qBAAqB;AACxD,SAAK,aAAa,OAAO;AACzB,SAAK,UAAU,UAAU,KAAK,KAAK,OAAO;AAC1C,SAAK,WAAW;AAChB,SAAK,aAAa,kBAAkB,yBAAyB,IAAI;AACjE,SAAK,mBAAmB;AAAA,MACtB,WAAW,CAAA,SAAQ,KAAK,WAAW,IAAI;AAAA,MACvC,eAAe,MAAM,KAAK,WAAW,cAAA;AAAA,MACrC,qBAAqB,CAAA,UAAS;AAAA,MAC9B,eAAe,CAAA,UAAS;AAAA,MACxB,UAAU;AAAA,MAAC;AAAA,MACX,qBAAqB,CAAA,UAAS;AAAA,IAAA;AAEhC,SAAK,cAAc,gBAAgB,KAAK,KAAK,OAAO;AACpD,SAAK,mBAAmB,IAAI,gBAAgB,OAAO;AACnD,SAAK,kBAAA;AAAA,EACP;AAAA,EAEA,oBAAoB;AAClB,SAAK,qBAAqB;AAAA,MACxB,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,IAAA,EACL;AAAA,EACJ;AAAA,EAEA,UAAU;AACR,SAAK,WAAW,QAAA;AAAA,EAClB;AAAA,EAEA,MAAM,eACJ,UACA,KACA;AACA,eAAW,MAAM,KAAK;AACpB,cAAQ,GAAG,IAAA;AAAA,QACT,KAAK;AAEH;AAAA,QACF,KAAK;AACH,cAAI,CAAE,MAAM,KAAK,WAAW,eAAe,UAAU,EAAE,GAAI;AACzD,mBAAO;AAAA,UACT;AACA;AAAA,QACF,KAAK;AACH,cAAI,CAAE,MAAM,KAAK,WAAW,eAAe,UAAU,EAAE,GAAI;AACzD,mBAAO;AAAA,UACT;AACA;AAAA,MAAA;AAAA,IAEN;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,gBACJ,UACA,KACA;AACA,SAAK,iBAAiB,gBAAA;AACtB,QAAI;AACF,iBAAW,MAAM,KAAK;AACpB,cAAM,SAAS,KAAK,WAAW,GAAG,SAAS;AAC3C,gBAAQ,GAAG,IAAA;AAAA,UACT,KAAK,UAAU;AACb,mBAAO,KAAK;AAAA,cACV,MAAM;AAAA,cACN,KAAK,GAAG;AAAA,YAAA,CACT;AACD;AAAA,UACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,UAMA,KAAK,UAAU;AACb,mBAAO,KAAK;AAAA,cACV,MAAM;AAAA,cACN,QAAQ,KAAK,uBAAu
B,EAAE;AAAA,cACtC,KAAK,GAAG;AAAA,YAAA,CACT;AACD;AAAA,UACF;AAAA,UACA,KAAK,UAAU;AACb,mBAAO,KAAK;AAAA,cACV,MAAM;AAAA,cACN,KAAK,KAAK,uBAAuB,EAAE;AAAA,YAAA,CACpC;AACD;AAAA,UACF;AAAA,QAAA;AAAA,MAEJ;AAEA,iBAAW,MAAM,KAAK;AACpB,gBAAQ,GAAG,IAAA;AAAA,UACT,KAAK;AACH,gBAAI,CAAE,MAAM,KAAK,WAAW,gBAAgB,UAAU,EAAE,GAAI;AAC1D,qBAAO;AAAA,YACT;AACA;AAAA,UACF,KAAK;AACH,gBAAI,CAAE,MAAM,KAAK,WAAW,gBAAgB,UAAU,EAAE,GAAI;AAC1D,qBAAO;AAAA,YACT;AACA;AAAA,UACF,KAAK;AAEH;AAAA,QAAA;AAAA,MAEN;AAAA,IACF,UAAA;AACE,WAAK,iBAAiB,SAAA;AAAA,IACxB;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,aAAa,KAA4C;AACvD,WAAO,IAAI,IAAI,CAAA,OAAM;AACnB,UAAI,GAAG,OAAO,UAAU;AACtB,cAAM,iBAAiB,KAAK,mBAAmB,EAAE;AACjD,YAAI,gBAAgB;AAClB,iBAAO;AAAA,YACL,IAAI;AAAA,YACJ,WAAW,GAAG;AAAA,YACd,YAAY,GAAG;AAAA,YACf,OAAO,GAAG;AAAA,UAAA;AAAA,QAEd;AACA,eAAO;AAAA,UACL,IAAI;AAAA,UACJ,WAAW,GAAG;AAAA,UACd,YAAY,GAAG;AAAA,UACf,OAAO,GAAG;AAAA,QAAA;AAAA,MAEd;AACA,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAAA,EAEA,WAAW,OAAc,UAAkC,IAAc;AACvE,WAAO,KAAK,YAAY,OAAO,UAAU,UAAU,EAAE;AAAA,EACvD;AAAA,EAEA,WAAW,OAAc,UAAkC,IAAc;AACvE,WAAO,KAAK,YAAY,OAAO,UAAU,UAAU,EAAE;AAAA,EACvD;AAAA,EAEA,WAAW,OAAc,UAAkC,IAAc;AACvE,WAAO,KAAK,YAAY,OAAO,UAAU,UAAU,EAAE;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,eACE,WACA,SACmC;AACnC,UAAM,YAAY,KAAK,YAAY,IAAI,SAAS;AAChD,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,SAAS,SAAS,YAAY;AAAA,IAChD;AACA,UAAM,UAAU,UAAU,UAAU;AAGpC,UAAM,SAA4C,CAAA;AAClD,eAAW,OAAO,SAAS;AACzB,YAAM,MAAM,QAAQ,GAAG;AACvB,UAAI,QAAQ,QAAW;AACrB,cAAM,IAAI;AAAA,UACR,uBAAuB,GAAG,+CAA+C,SAAS;AAAA,QAAA;AAAA,MAEtF;AACA,aAAO,GAAG,IAAI;AAAA,IAChB;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,WAAW,WAAmB;AAC5B,QAAI,SAAS,KAAK,QAAQ,IAAI,SAAS;AACvC,QAAI,QAAQ;AACV,aAAO;AAAA,IACT;AACA,UAAM,YAAY,KAAK,YAAY,IAAI,SAAS;AAChD,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,SAAS,SAAS,YAAY;AAAA,IAChD;AACA,UAAM,EAAC,SAAS,WAAA,IAAc,UAAU;AACxC,WAAO,WAAW,MAAM;AACxB,aAAS,IAAI;AAAA,MACX,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,MACL;AAAA,MACA,OAAO;AAAA,QACL,OAAO,QAAQ,OAAO,EAAE,IAAI,CAAC,CAAC,MAAM,EAAC,SAAA,CAAS,MAAM;AAAA,UAClD;AAAA,UACA,gCAAgC,QAAQ;AAAA
,QAAA,CACzC;AAAA,MAAA;AAAA,MAEH,CAAC,WAAW,CAAC,GAAG,GAAG,WAAW,MAAM,CAAC,CAAC;AAAA,IAAA;AAExC,SAAK,QAAQ,IAAI,WAAW,MAAM;AAElC,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,YACJ,OACA,QACA,UACA,IACA;AACA,UAAM,QAAQ,YAAY,IAAA;AAC1B,QAAI;AACF,YAAM,MAAM,MAAM,KAAK,OAAO,OAAO,QAAQ,UAAU,EAAE;AACzD,aAAO;AAAA,IACT,UAAA;AACE,WAAK,IAAI;AAAA,QACP;AAAA,QACA;AAAA,QACA;AAAA,QACA,YAAY,QAAQ;AAAA,QACpB;AAAA,QACA,GAAG;AAAA,QACH;AAAA,QACA,GAAG;AAAA,MAAA;AAAA,IAEP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,OACJ,OACA,QACA,UACA,IACA;AACA,UAAM,QAAQ,KAAK,KAAK,kBAAkB,EAAE,aAAa,OACvD,GAAG,SACL;AACA,UAAM,cAAc,OAAO;AAC3B,QAAI,WAAW,YAAY,KAAK,SAAS,GAAG,SAAS;AAErD,UAAM,mBAAmB,KAAK,eAAe,GAAG,WAAW,GAAG,KAAK;AAEnE,eAAW,MAAM,kBAAkB;AACjC,iBAAW,SAAS,MAAM,IAAI,KAAK,iBAAiB,EAAE,CAAC;AAAA,IACzD;AAEA,QAAI;AACJ,YAAQ,QAAA;AAAA,MACN,KAAK;AACH,YAAI,UAAU,gBAAgB;AAC5B,gCAAsB,aAAa;AAAA,QACrC;AACA;AAAA,MACF,KAAK;AACH,YAAI,UAAU,eAAe;AAC3B,gCAAsB,aAAa,QAAQ;AAAA,QAC7C,WAAW,UAAU,gBAAgB;AACnC,gCAAsB,aAAa,QAAQ;AAAA,QAC7C;AACA;AAAA,MACF,KAAK;AACH,YAAI,UAAU,eAAe;AAC3B,gCAAsB,aAAa;AAAA,QACrC;AACA;AAAA,IAAA;AAGJ,UAAM,eAAe,OAAO;AAC5B,UAAM,yBAAmC,CAAA;AACzC,QAAI,cAAc;AAChB,iBAAW,CAAC,QAAQ,MAAM,KAAK,OAAO,QAAQ,YAAY,GAAG;AAC3D,YAAI,WAAW,YAAY,GAAG,MAAM,MAAM,MAAM,QAAW;AAGzD;AAAA,QACF;AACA,gBAAQ,QAAA;AAAA,UACN,KAAK;AACH,gBAAI,OAAO,UAAU,UAAU,gBAAgB;AAC7C,qCAAuB,KAAK,OAAO,MAAM;AAAA,YAC3C;AACA;AAAA,UACF,KAAK;AACH,gBAAI,UAAU,iBAAiB,OAAO,QAAQ,aAAa;AACzD,qCAAuB,KAAK,OAAO,OAAO,WAAW;AAAA,YACvD;AACA,gBAAI,UAAU,kBAAkB,OAAO,QAAQ,cAAc;AAC3D,qCAAuB,KAAK,OAAO,OAAO,YAAY;AAAA,YACxD;AACA;AAAA,UACF,KAAK;AACH,gBAAI,OAAO,UAAU,UAAU,eAAe;AAC5C,qCAAuB,KAAK,OAAO,MAAM;AAAA,YAC3C;AACA;AAAA,QAAA;AAAA,MAEN;AAAA,IACF;AAEA,QACE,CAAE,MAAM,KAAK;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IAAA,GAEF;AACA,WAAK,IAAI;AAAA,QACP,+BAA+B,KAAK;AAAA,UAClC;AAAA,QAAA,CACD,YAAY,MAAM,WAAW,KAAK,eAAe,KAAK;AAAA,UACrD;AAAA,QAAA,CACD,kBAAkB,KAAK;AAAA,UACtB;AAAA,QAAA,CACD,mBAAmB,KAAK,UAAU,sBAAsB,CAAC;AAAA,MAAA;AAE5D,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,mBAAmB,IAAo
C;AACrD,UAAM,EAAC,UAAS;AAEhB,UAAM,mBAAmB,KAAK,eAAe,GAAG,WAAW,KAAK;AAEhE,UAAM,OAAO,KAAK,YAAY,IAAI,GAAG,SAAS;AAC9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,MAAM,SAAS,GAAG,SAAS,YAAY;AAAA,IACnD;AAEA,UAAM,aAAyB,CAAA;AAC/B,UAAM,SAA4B,CAAA;AAClC,eAAW,MAAM,kBAAkB;AACjC,iBAAW,KAAK,MAAM,IAAI,MAAM,EAAE,CAAC,IAAI;AACvC,aAAO,KAAKA,MAAQ,iBAAiB,EAAE,GAAG,qBAAqB,CAAC;AAAA,IAClE;AAEA,UAAM,MAAM,KAAK,iBAAiB;AAAA,MAChC;AAAA,QACE,aAAa,IAAI;AAAA,UACf,OAAO,KAAK,KAAK,OAAO,EAAE,IAAI,CAAA,MAAK,IAAI,MAAM,CAAC,CAAC;AAAA,UAC/C;AAAA,QAAA,CACD,SAAS,IAAI,MAAM,GAAG,SAAS,CAAC,UAAU,IAAI;AAAA,UAC7C;AAAA,UACA;AAAA,QAAA,CACD;AAAA,MAAA;AAAA,MAEH,GAAG;AAAA,IAAA;AAEL,QAAI,QAAQ,QAAW;AACrB,aAAO;AAAA,IACT;AACA,WAAO,gBAAgB,KAAK,SAAS,KAAK,GAAG,SAAS;AAAA,EACxD;AAAA,EAEA,uBAAuB,IAAyB;AAC9C,UAAM,MAAM,KAAK,mBAAmB,EAAE;AACtC;AAAA,MACE,QAAQ;AAAA,MACR,MAAM,kCAAkC,KAAK,UAAU,GAAG,KAAK,CAAC;AAAA,IAAA;AAElE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,mBACJ,qBACA,wBACA,UACA,UACA;AACA,QAAI,CAAE,MAAM,KAAK,cAAc,qBAAqB,UAAU,QAAQ,GAAI;AACxE,aAAO;AAAA,IACT;AAEA,eAAW,UAAU,wBAAwB;AAC3C,UAAI,CAAE,MAAM,KAAK,cAAc,QAAQ,UAAU,QAAQ,GAAI;AAC3D,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cACE,QACA,UACA,UACuB;AACvB,QAAI,WAAW,QAAW;AACxB,aAAO;AAAA,IACT;AACA,QAAI,OAAO,WAAW,GAAG;AACvB,aAAO;AAAA,IACT;AACA,QAAI,cAAc,cAAc,QAAQ,EAAE;AAC1C,kBAAc;AAAA,MACZ;AAAA,QACE,GAAG;AAAA,QACH,OAAO,YAAY,YAAY,OAAO,MAAM;AAAA,MAAA;AAAA,MAE9C;AAAA,QACE;AAAA,QACA,gBAAgB;AAAA,MAAA;AAAA,IAClB;AAOF,UAAM,QAAQ,cAAc,aAAa,KAAK,kBAAkB,UAAU;AAC1E,QAAI;AACF,YAAM,MAAM,MAAM,MAAM,EAAE;AAC1B,iBAAW,KAAK,KAAK;AAGnB,eAAO;AAAA,MACT;AAAA,IACF,UAAA;AACE,YAAM,QAAA;AAAA,IACR;AAGA,WAAO;AAAA,EACT;AACF;AAEA,SAAS,YAAY,OAA8B,QAAgB;AACjE,SAAO,OAAO,2CAA2C;AAEzD,SAAO,kBAAkB;AAAA,IACvB,MAAM;AAAA,IACN,YAAY;AAAA,MACV;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,YAAY,OAAO,IAAI,CAAC,CAAC,QAAQ,IAAI,MAAM;AACzC,iBAAO,MAAM;AACb,iBAAO;AAAA,QACT,CAAC;AAAA,MAAA;AAAA,IACH;AAAA,EACF,CACD;AACH;"}
1
+ {"version":3,"file":"write-authorizer.js","sources":["../../../../../zero-cache/src/auth/write-authorizer.ts"],"sourcesContent":["import type {SQLQuery} from '@databases/sql';\nimport type {MaybePromise} from '@opentelemetry/resources';\nimport type {LogContext} from '@rocicorp/logger';\nimport type {JWTPayload} from 'jose';\nimport {assert} from '../../../shared/src/asserts.ts';\nimport type {JSONValue, ReadonlyJSONValue} from '../../../shared/src/json.ts';\nimport {must} from '../../../shared/src/must.ts';\nimport * as v from '../../../shared/src/valita.ts';\nimport type {Condition} from '../../../zero-protocol/src/ast.ts';\nimport {\n primaryKeyValueSchema,\n type PrimaryKeyValue,\n} from '../../../zero-protocol/src/primary-key.ts';\nimport type {\n CRUDOp,\n DeleteOp,\n InsertOp,\n UpdateOp,\n UpsertOp,\n} from '../../../zero-protocol/src/push.ts';\nimport type {Policy} from '../../../zero-schema/src/compiled-permissions.ts';\nimport type {Schema} from '../../../zero-types/src/schema.ts';\nimport type {BuilderDelegate} from '../../../zql/src/builder/builder.ts';\nimport {\n bindStaticParameters,\n buildPipeline,\n} from '../../../zql/src/builder/builder.ts';\nimport {consume} from '../../../zql/src/ivm/stream.ts';\nimport {simplifyCondition} from '../../../zql/src/query/expression.ts';\nimport {asQueryInternals} from '../../../zql/src/query/query-internals.ts';\nimport type {Query} from '../../../zql/src/query/query.ts';\nimport {newStaticQuery} from '../../../zql/src/query/static-query.ts';\nimport type {\n ClientGroupStorage,\n DatabaseStorage,\n} from '../../../zqlite/src/database-storage.ts';\nimport type {Database} from '../../../zqlite/src/db.ts';\nimport {compile, sql} from '../../../zqlite/src/internal/sql.ts';\nimport {\n fromSQLiteTypes,\n TableSource,\n} from '../../../zqlite/src/table-source.ts';\nimport type {LogConfig, ZeroConfig} from '../config/zero-config.ts';\nimport {computeZqlSpecs} from '../db/lite-tables.ts';\nimport type 
{LiteAndZqlSpec} from '../db/specs.ts';\nimport {StatementRunner} from '../db/statements.ts';\nimport {mapLiteDataTypeToZqlSchemaValue} from '../types/lite.ts';\nimport {\n getSchema,\n reloadPermissionsIfChanged,\n type LoadedPermissions,\n} from './load-permissions.ts';\n\ntype Phase = 'preMutation' | 'postMutation';\n\nexport interface WriteAuthorizer {\n canPreMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ): Promise<boolean>;\n canPostMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ): Promise<boolean>;\n reloadPermissions(): void;\n normalizeOps(ops: CRUDOp[]): Exclude<CRUDOp, UpsertOp>[];\n}\n\nexport class WriteAuthorizerImpl implements WriteAuthorizer {\n readonly #schema: Schema;\n readonly #replica: Database;\n readonly #builderDelegate: BuilderDelegate;\n readonly #tableSpecs: Map<string, LiteAndZqlSpec>;\n readonly #tables = new Map<string, TableSource>();\n readonly #statementRunner: StatementRunner;\n readonly #lc: LogContext;\n readonly #appID: string;\n readonly #logConfig: LogConfig;\n readonly #cgStorage: ClientGroupStorage;\n\n #loadedPermissions: LoadedPermissions | null = null;\n\n constructor(\n lc: LogContext,\n config: ZeroConfig,\n replica: Database,\n appID: string,\n cgID: string,\n writeAuthzStorage: DatabaseStorage,\n ) {\n this.#appID = appID;\n this.#lc = lc.withContext('class', 'WriteAuthorizerImpl');\n this.#logConfig = config.log;\n this.#schema = getSchema(this.#lc, replica);\n this.#replica = replica;\n this.#cgStorage = writeAuthzStorage.createClientGroupStorage(cgID);\n this.#builderDelegate = {\n getSource: name => this.#getSource(name),\n createStorage: () => this.#cgStorage.createStorage(),\n decorateSourceInput: input => input,\n decorateInput: input => input,\n addEdge() {},\n decorateFilterInput: input => input,\n };\n this.#tableSpecs = computeZqlSpecs(this.#lc, replica);\n this.#statementRunner = new StatementRunner(replica);\n 
this.reloadPermissions();\n }\n\n reloadPermissions() {\n this.#loadedPermissions = reloadPermissionsIfChanged(\n this.#lc,\n this.#statementRunner,\n this.#appID,\n this.#loadedPermissions,\n ).permissions;\n }\n\n destroy() {\n this.#cgStorage.destroy();\n }\n\n async canPreMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ) {\n for (const op of ops) {\n switch (op.op) {\n case 'insert':\n // insert does not run pre-mutation checks\n break;\n case 'update':\n if (!(await this.#canUpdate('preMutation', authData, op))) {\n return false;\n }\n break;\n case 'delete':\n if (!(await this.#canDelete('preMutation', authData, op))) {\n return false;\n }\n break;\n }\n }\n return true;\n }\n\n async canPostMutation(\n authData: JWTPayload | undefined,\n ops: Exclude<CRUDOp, UpsertOp>[],\n ) {\n this.#statementRunner.beginConcurrent();\n try {\n for (const op of ops) {\n const source = this.#getSource(op.tableName);\n switch (op.op) {\n case 'insert': {\n consume(\n source.push({\n type: 'add',\n row: op.value,\n }),\n );\n break;\n }\n // TODO(mlaw): what if someone updates the same thing twice?\n // TODO(aa): It seems like it will just work? 
source.push()\n // is going to push the row into the table source, and then the\n // next requirePreMutationRow will just return the row that was\n // pushed in.\n case 'update': {\n consume(\n source.push({\n type: 'edit',\n oldRow: this.#requirePreMutationRow(op),\n row: op.value,\n }),\n );\n break;\n }\n case 'delete': {\n consume(\n source.push({\n type: 'remove',\n row: this.#requirePreMutationRow(op),\n }),\n );\n break;\n }\n }\n }\n\n for (const op of ops) {\n switch (op.op) {\n case 'insert':\n if (!(await this.#canInsert('postMutation', authData, op))) {\n return false;\n }\n break;\n case 'update':\n if (!(await this.#canUpdate('postMutation', authData, op))) {\n return false;\n }\n break;\n case 'delete':\n // delete does not run post-mutation checks.\n break;\n }\n }\n } finally {\n this.#statementRunner.rollback();\n }\n\n return true;\n }\n\n normalizeOps(ops: CRUDOp[]): Exclude<CRUDOp, UpsertOp>[] {\n return ops.map(op => {\n if (op.op === 'upsert') {\n const preMutationRow = this.#getPreMutationRow(op);\n if (preMutationRow) {\n return {\n op: 'update',\n tableName: op.tableName,\n primaryKey: op.primaryKey,\n value: op.value,\n };\n }\n return {\n op: 'insert',\n tableName: op.tableName,\n primaryKey: op.primaryKey,\n value: op.value,\n };\n }\n return op;\n });\n }\n\n #canInsert(phase: Phase, authData: JWTPayload | undefined, op: InsertOp) {\n return this.#timedCanDo(phase, 'insert', authData, op);\n }\n\n #canUpdate(phase: Phase, authData: JWTPayload | undefined, op: UpdateOp) {\n return this.#timedCanDo(phase, 'update', authData, op);\n }\n\n #canDelete(phase: Phase, authData: JWTPayload | undefined, op: DeleteOp) {\n return this.#timedCanDo(phase, 'delete', authData, op);\n }\n\n /**\n * Gets schema-defined primary key and validates that operation contains required PK values.\n *\n * @returns Record where keys are column names and values are client-provided values\n * @throws Error if operation value is missing required primary key columns\n 
*/\n #getPrimaryKey(\n tableName: string,\n opValue: Record<string, ReadonlyJSONValue | undefined>,\n ): Record<string, ReadonlyJSONValue> {\n const tableSpec = this.#tableSpecs.get(tableName);\n if (!tableSpec) {\n throw new Error(`Table ${tableName} not found`);\n }\n const columns = tableSpec.tableSpec.primaryKey;\n\n // Extract primary key values from operation value and validate they exist\n const values: Record<string, ReadonlyJSONValue> = {};\n for (const col of columns) {\n const val = opValue[col];\n if (val === undefined) {\n throw new Error(\n `Primary key column '${col}' is missing from operation value for table ${tableName}`,\n );\n }\n values[col] = val;\n }\n\n return values;\n }\n\n #getSource(tableName: string) {\n let source = this.#tables.get(tableName);\n if (source) {\n return source;\n }\n const tableSpec = this.#tableSpecs.get(tableName);\n if (!tableSpec) {\n throw new Error(`Table ${tableName} not found`);\n }\n const {columns, primaryKey} = tableSpec.tableSpec;\n assert(primaryKey.length);\n source = new TableSource(\n this.#lc,\n this.#logConfig,\n this.#replica,\n tableName,\n Object.fromEntries(\n Object.entries(columns).map(([name, {dataType}]) => [\n name,\n mapLiteDataTypeToZqlSchemaValue(dataType),\n ]),\n ),\n [primaryKey[0], ...primaryKey.slice(1)],\n );\n this.#tables.set(tableName, source);\n\n return source;\n }\n\n async #timedCanDo<A extends keyof ActionOpMap>(\n phase: Phase,\n action: A,\n authData: JWTPayload | undefined,\n op: ActionOpMap[A],\n ) {\n const start = performance.now();\n try {\n const ret = await this.#canDo(phase, action, authData, op);\n return ret;\n } finally {\n this.#lc.info?.(\n 'action:',\n action,\n 'duration:',\n performance.now() - start,\n 'tableName:',\n op.tableName,\n 'primaryKey:',\n op.primaryKey,\n );\n }\n }\n\n /**\n * Evaluation order is from static to dynamic, broad to specific.\n * table -> column -> row -> cell.\n *\n * If any step fails, the entire operation is denied.\n *\n * That 
is, table rules supersede column rules, which supersede row rules,\n *\n * All steps must allow for the operation to be allowed.\n */\n async #canDo<A extends keyof ActionOpMap>(\n phase: Phase,\n action: A,\n authData: JWTPayload | undefined,\n op: ActionOpMap[A],\n ) {\n const rules = must(this.#loadedPermissions)?.permissions?.tables?.[\n op.tableName\n ];\n const rowPolicies = rules?.row;\n let rowQuery = newStaticQuery(this.#schema, op.tableName);\n\n const primaryKeyValues = this.#getPrimaryKey(op.tableName, op.value);\n\n for (const pk in primaryKeyValues) {\n rowQuery = rowQuery.where(pk, '=', primaryKeyValues[pk]);\n }\n\n let applicableRowPolicy: Policy | undefined;\n switch (action) {\n case 'insert':\n if (phase === 'postMutation') {\n applicableRowPolicy = rowPolicies?.insert;\n }\n break;\n case 'update':\n if (phase === 'preMutation') {\n applicableRowPolicy = rowPolicies?.update?.preMutation;\n } else if (phase === 'postMutation') {\n applicableRowPolicy = rowPolicies?.update?.postMutation;\n }\n break;\n case 'delete':\n if (phase === 'preMutation') {\n applicableRowPolicy = rowPolicies?.delete;\n }\n break;\n }\n\n const cellPolicies = rules?.cell;\n const applicableCellPolicies: Policy[] = [];\n if (cellPolicies) {\n for (const [column, policy] of Object.entries(cellPolicies)) {\n if (action === 'update' && op.value[column] === undefined) {\n // If the cell is not being updated, we do not need to check\n // the cell rules.\n continue;\n }\n switch (action) {\n case 'insert':\n if (policy.insert && phase === 'postMutation') {\n applicableCellPolicies.push(policy.insert);\n }\n break;\n case 'update':\n if (phase === 'preMutation' && policy.update?.preMutation) {\n applicableCellPolicies.push(policy.update.preMutation);\n }\n if (phase === 'postMutation' && policy.update?.postMutation) {\n applicableCellPolicies.push(policy.update.postMutation);\n }\n break;\n case 'delete':\n if (policy.delete && phase === 'preMutation') {\n 
applicableCellPolicies.push(policy.delete);\n }\n break;\n }\n }\n }\n\n if (\n !(await this.#passesPolicyGroup(\n applicableRowPolicy,\n applicableCellPolicies,\n authData,\n rowQuery,\n ))\n ) {\n this.#lc.warn?.(\n `Permission check failed for ${JSON.stringify(\n op,\n )}, action ${action}, phase ${phase}, authData: ${JSON.stringify(\n authData,\n )}, rowPolicies: ${JSON.stringify(\n applicableRowPolicy,\n )}, cellPolicies: ${JSON.stringify(applicableCellPolicies)}`,\n );\n return false;\n }\n\n return true;\n }\n\n #getPreMutationRow(op: UpsertOp | UpdateOp | DeleteOp) {\n const {value} = op;\n\n const primaryKeyValues = this.#getPrimaryKey(op.tableName, value);\n\n const spec = this.#tableSpecs.get(op.tableName);\n if (!spec) {\n throw new Error(`Table ${op.tableName} not found`);\n }\n\n const conditions: SQLQuery[] = [];\n const values: PrimaryKeyValue[] = [];\n for (const pk in primaryKeyValues) {\n conditions.push(sql`${sql.ident(pk)}=?`);\n values.push(v.parse(primaryKeyValues[pk], primaryKeyValueSchema));\n }\n\n const ret = this.#statementRunner.get(\n compile(\n sql`SELECT ${sql.join(\n Object.keys(spec.zqlSpec).map(c => sql.ident(c)),\n sql`,`,\n )} FROM ${sql.ident(op.tableName)} WHERE ${sql.join(\n conditions,\n sql` AND `,\n )}`,\n ),\n ...values,\n );\n if (ret === undefined) {\n return ret;\n }\n return fromSQLiteTypes(spec.zqlSpec, ret, op.tableName);\n }\n\n #requirePreMutationRow(op: UpdateOp | DeleteOp) {\n const ret = this.#getPreMutationRow(op);\n assert(\n ret !== undefined,\n () => `Pre-mutation row not found for ${JSON.stringify(op.value)}`,\n );\n return ret;\n }\n\n async #passesPolicyGroup(\n applicableRowPolicy: Policy | undefined,\n applicableCellPolicies: Policy[],\n authData: JWTPayload | undefined,\n rowQuery: Query<string, Schema>,\n ) {\n if (!(await this.#passesPolicy(applicableRowPolicy, authData, rowQuery))) {\n return false;\n }\n\n for (const policy of applicableCellPolicies) {\n if (!(await this.#passesPolicy(policy, 
authData, rowQuery))) {\n return false;\n }\n }\n\n return true;\n }\n\n /**\n * Defaults to *false* if the policy is empty. At least one rule has to pass\n * for the policy to pass.\n */\n #passesPolicy(\n policy: Policy | undefined,\n authData: JWTPayload | undefined,\n rowQuery: Query<string, Schema>,\n ): MaybePromise<boolean> {\n if (policy === undefined) {\n return false;\n }\n if (policy.length === 0) {\n return false;\n }\n let rowQueryAst = asQueryInternals(rowQuery).ast;\n rowQueryAst = bindStaticParameters(\n {\n ...rowQueryAst,\n where: updateWhere(rowQueryAst.where, policy),\n },\n {\n authData: authData as Record<string, JSONValue>,\n preMutationRow: undefined,\n },\n );\n\n // call the compiler directly\n // run the sql against upstream.\n // remove the collecting into json? just need to know if a row comes back.\n\n const input = buildPipeline(rowQueryAst, this.#builderDelegate, 'query-id');\n try {\n const res = input.fetch({});\n for (const _ of res) {\n // if any row is returned at all, the\n // rule passes.\n return true;\n }\n } finally {\n input.destroy();\n }\n\n // no rows returned by any rules? 
The policy fails.\n return false;\n }\n}\n\nfunction updateWhere(where: Condition | undefined, policy: Policy) {\n assert(where, 'A where condition must exist for RowQuery');\n\n return simplifyCondition({\n type: 'and',\n conditions: [\n where,\n {\n type: 'or',\n conditions: policy.map(([action, rule]) => {\n assert(action);\n return rule;\n }),\n },\n ],\n });\n}\n\ntype ActionOpMap = {\n insert: InsertOp;\n update: UpdateOp;\n delete: DeleteOp;\n};\n"],"names":["v.parse"],"mappings":";;;;;;;;;;;;;;;AAoEO,MAAM,oBAA+C;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,8BAAc,IAAA;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAET,qBAA+C;AAAA,EAE/C,YACE,IACA,QACA,SACA,OACA,MACA,mBACA;AACA,SAAK,SAAS;AACd,SAAK,MAAM,GAAG,YAAY,SAAS,qBAAqB;AACxD,SAAK,aAAa,OAAO;AACzB,SAAK,UAAU,UAAU,KAAK,KAAK,OAAO;AAC1C,SAAK,WAAW;AAChB,SAAK,aAAa,kBAAkB,yBAAyB,IAAI;AACjE,SAAK,mBAAmB;AAAA,MACtB,WAAW,CAAA,SAAQ,KAAK,WAAW,IAAI;AAAA,MACvC,eAAe,MAAM,KAAK,WAAW,cAAA;AAAA,MACrC,qBAAqB,CAAA,UAAS;AAAA,MAC9B,eAAe,CAAA,UAAS;AAAA,MACxB,UAAU;AAAA,MAAC;AAAA,MACX,qBAAqB,CAAA,UAAS;AAAA,IAAA;AAEhC,SAAK,cAAc,gBAAgB,KAAK,KAAK,OAAO;AACpD,SAAK,mBAAmB,IAAI,gBAAgB,OAAO;AACnD,SAAK,kBAAA;AAAA,EACP;AAAA,EAEA,oBAAoB;AAClB,SAAK,qBAAqB;AAAA,MACxB,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,IAAA,EACL;AAAA,EACJ;AAAA,EAEA,UAAU;AACR,SAAK,WAAW,QAAA;AAAA,EAClB;AAAA,EAEA,MAAM,eACJ,UACA,KACA;AACA,eAAW,MAAM,KAAK;AACpB,cAAQ,GAAG,IAAA;AAAA,QACT,KAAK;AAEH;AAAA,QACF,KAAK;AACH,cAAI,CAAE,MAAM,KAAK,WAAW,eAAe,UAAU,EAAE,GAAI;AACzD,mBAAO;AAAA,UACT;AACA;AAAA,QACF,KAAK;AACH,cAAI,CAAE,MAAM,KAAK,WAAW,eAAe,UAAU,EAAE,GAAI;AACzD,mBAAO;AAAA,UACT;AACA;AAAA,MAAA;AAAA,IAEN;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,gBACJ,UACA,KACA;AACA,SAAK,iBAAiB,gBAAA;AACtB,QAAI;AACF,iBAAW,MAAM,KAAK;AACpB,cAAM,SAAS,KAAK,WAAW,GAAG,SAAS;AAC3C,gBAAQ,GAAG,IAAA;AAAA,UACT,KAAK,UAAU;AACb;AAAA,cACE,OAAO,KAAK;AAAA,gBACV,MAAM;AAAA,gBACN,KAAK,GAAG;AAAA,cAAA,CACT;AAAA,YAAA;AAEH;AAAA,UACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,UAMA,KAAK,UAAU;AACb;AAAA,cACE,OAAO,KAAK;AAAA,gBA
CV,MAAM;AAAA,gBACN,QAAQ,KAAK,uBAAuB,EAAE;AAAA,gBACtC,KAAK,GAAG;AAAA,cAAA,CACT;AAAA,YAAA;AAEH;AAAA,UACF;AAAA,UACA,KAAK,UAAU;AACb;AAAA,cACE,OAAO,KAAK;AAAA,gBACV,MAAM;AAAA,gBACN,KAAK,KAAK,uBAAuB,EAAE;AAAA,cAAA,CACpC;AAAA,YAAA;AAEH;AAAA,UACF;AAAA,QAAA;AAAA,MAEJ;AAEA,iBAAW,MAAM,KAAK;AACpB,gBAAQ,GAAG,IAAA;AAAA,UACT,KAAK;AACH,gBAAI,CAAE,MAAM,KAAK,WAAW,gBAAgB,UAAU,EAAE,GAAI;AAC1D,qBAAO;AAAA,YACT;AACA;AAAA,UACF,KAAK;AACH,gBAAI,CAAE,MAAM,KAAK,WAAW,gBAAgB,UAAU,EAAE,GAAI;AAC1D,qBAAO;AAAA,YACT;AACA;AAAA,UACF,KAAK;AAEH;AAAA,QAAA;AAAA,MAEN;AAAA,IACF,UAAA;AACE,WAAK,iBAAiB,SAAA;AAAA,IACxB;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,aAAa,KAA4C;AACvD,WAAO,IAAI,IAAI,CAAA,OAAM;AACnB,UAAI,GAAG,OAAO,UAAU;AACtB,cAAM,iBAAiB,KAAK,mBAAmB,EAAE;AACjD,YAAI,gBAAgB;AAClB,iBAAO;AAAA,YACL,IAAI;AAAA,YACJ,WAAW,GAAG;AAAA,YACd,YAAY,GAAG;AAAA,YACf,OAAO,GAAG;AAAA,UAAA;AAAA,QAEd;AACA,eAAO;AAAA,UACL,IAAI;AAAA,UACJ,WAAW,GAAG;AAAA,UACd,YAAY,GAAG;AAAA,UACf,OAAO,GAAG;AAAA,QAAA;AAAA,MAEd;AACA,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAAA,EAEA,WAAW,OAAc,UAAkC,IAAc;AACvE,WAAO,KAAK,YAAY,OAAO,UAAU,UAAU,EAAE;AAAA,EACvD;AAAA,EAEA,WAAW,OAAc,UAAkC,IAAc;AACvE,WAAO,KAAK,YAAY,OAAO,UAAU,UAAU,EAAE;AAAA,EACvD;AAAA,EAEA,WAAW,OAAc,UAAkC,IAAc;AACvE,WAAO,KAAK,YAAY,OAAO,UAAU,UAAU,EAAE;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,eACE,WACA,SACmC;AACnC,UAAM,YAAY,KAAK,YAAY,IAAI,SAAS;AAChD,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,SAAS,SAAS,YAAY;AAAA,IAChD;AACA,UAAM,UAAU,UAAU,UAAU;AAGpC,UAAM,SAA4C,CAAA;AAClD,eAAW,OAAO,SAAS;AACzB,YAAM,MAAM,QAAQ,GAAG;AACvB,UAAI,QAAQ,QAAW;AACrB,cAAM,IAAI;AAAA,UACR,uBAAuB,GAAG,+CAA+C,SAAS;AAAA,QAAA;AAAA,MAEtF;AACA,aAAO,GAAG,IAAI;AAAA,IAChB;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,WAAW,WAAmB;AAC5B,QAAI,SAAS,KAAK,QAAQ,IAAI,SAAS;AACvC,QAAI,QAAQ;AACV,aAAO;AAAA,IACT;AACA,UAAM,YAAY,KAAK,YAAY,IAAI,SAAS;AAChD,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,SAAS,SAAS,YAAY;AAAA,IAChD;AACA,UAAM,EAAC,SAAS,WAAA,IAAc,UAAU;AACxC,WAAO,WAAW,MAAM;AACxB,aAAS,IAAI;AAAA,MACX,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,MACL;AAAA,MACA,OAAO;AAAA,QACL,OAAO,QAAQ,OAAO,EAAE,IAAI,CAAC,C
AAC,MAAM,EAAC,SAAA,CAAS,MAAM;AAAA,UAClD;AAAA,UACA,gCAAgC,QAAQ;AAAA,QAAA,CACzC;AAAA,MAAA;AAAA,MAEH,CAAC,WAAW,CAAC,GAAG,GAAG,WAAW,MAAM,CAAC,CAAC;AAAA,IAAA;AAExC,SAAK,QAAQ,IAAI,WAAW,MAAM;AAElC,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,YACJ,OACA,QACA,UACA,IACA;AACA,UAAM,QAAQ,YAAY,IAAA;AAC1B,QAAI;AACF,YAAM,MAAM,MAAM,KAAK,OAAO,OAAO,QAAQ,UAAU,EAAE;AACzD,aAAO;AAAA,IACT,UAAA;AACE,WAAK,IAAI;AAAA,QACP;AAAA,QACA;AAAA,QACA;AAAA,QACA,YAAY,QAAQ;AAAA,QACpB;AAAA,QACA,GAAG;AAAA,QACH;AAAA,QACA,GAAG;AAAA,MAAA;AAAA,IAEP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,OACJ,OACA,QACA,UACA,IACA;AACA,UAAM,QAAQ,KAAK,KAAK,kBAAkB,GAAG,aAAa,SACxD,GAAG,SACL;AACA,UAAM,cAAc,OAAO;AAC3B,QAAI,WAAW,eAAe,KAAK,SAAS,GAAG,SAAS;AAExD,UAAM,mBAAmB,KAAK,eAAe,GAAG,WAAW,GAAG,KAAK;AAEnE,eAAW,MAAM,kBAAkB;AACjC,iBAAW,SAAS,MAAM,IAAI,KAAK,iBAAiB,EAAE,CAAC;AAAA,IACzD;AAEA,QAAI;AACJ,YAAQ,QAAA;AAAA,MACN,KAAK;AACH,YAAI,UAAU,gBAAgB;AAC5B,gCAAsB,aAAa;AAAA,QACrC;AACA;AAAA,MACF,KAAK;AACH,YAAI,UAAU,eAAe;AAC3B,gCAAsB,aAAa,QAAQ;AAAA,QAC7C,WAAW,UAAU,gBAAgB;AACnC,gCAAsB,aAAa,QAAQ;AAAA,QAC7C;AACA;AAAA,MACF,KAAK;AACH,YAAI,UAAU,eAAe;AAC3B,gCAAsB,aAAa;AAAA,QACrC;AACA;AAAA,IAAA;AAGJ,UAAM,eAAe,OAAO;AAC5B,UAAM,yBAAmC,CAAA;AACzC,QAAI,cAAc;AAChB,iBAAW,CAAC,QAAQ,MAAM,KAAK,OAAO,QAAQ,YAAY,GAAG;AAC3D,YAAI,WAAW,YAAY,GAAG,MAAM,MAAM,MAAM,QAAW;AAGzD;AAAA,QACF;AACA,gBAAQ,QAAA;AAAA,UACN,KAAK;AACH,gBAAI,OAAO,UAAU,UAAU,gBAAgB;AAC7C,qCAAuB,KAAK,OAAO,MAAM;AAAA,YAC3C;AACA;AAAA,UACF,KAAK;AACH,gBAAI,UAAU,iBAAiB,OAAO,QAAQ,aAAa;AACzD,qCAAuB,KAAK,OAAO,OAAO,WAAW;AAAA,YACvD;AACA,gBAAI,UAAU,kBAAkB,OAAO,QAAQ,cAAc;AAC3D,qCAAuB,KAAK,OAAO,OAAO,YAAY;AAAA,YACxD;AACA;AAAA,UACF,KAAK;AACH,gBAAI,OAAO,UAAU,UAAU,eAAe;AAC5C,qCAAuB,KAAK,OAAO,MAAM;AAAA,YAC3C;AACA;AAAA,QAAA;AAAA,MAEN;AAAA,IACF;AAEA,QACE,CAAE,MAAM,KAAK;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IAAA,GAEF;AACA,WAAK,IAAI;AAAA,QACP,+BAA+B,KAAK;AAAA,UAClC;AAAA,QAAA,CACD,YAAY,MAAM,WAAW,KAAK,eAAe,KAAK;AAAA,UACrD;AAAA,QAAA,CACD,kBAAkB,KAAK;AAAA,UACtB;AAAA,QAAA,CACD,mBAAmB,KAAK,UAAU,sBAAsB,CAAC;AAAA,M
AAA;AAE5D,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,mBAAmB,IAAoC;AACrD,UAAM,EAAC,UAAS;AAEhB,UAAM,mBAAmB,KAAK,eAAe,GAAG,WAAW,KAAK;AAEhE,UAAM,OAAO,KAAK,YAAY,IAAI,GAAG,SAAS;AAC9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,MAAM,SAAS,GAAG,SAAS,YAAY;AAAA,IACnD;AAEA,UAAM,aAAyB,CAAA;AAC/B,UAAM,SAA4B,CAAA;AAClC,eAAW,MAAM,kBAAkB;AACjC,iBAAW,KAAK,MAAM,IAAI,MAAM,EAAE,CAAC,IAAI;AACvC,aAAO,KAAKA,MAAQ,iBAAiB,EAAE,GAAG,qBAAqB,CAAC;AAAA,IAClE;AAEA,UAAM,MAAM,KAAK,iBAAiB;AAAA,MAChC;AAAA,QACE,aAAa,IAAI;AAAA,UACf,OAAO,KAAK,KAAK,OAAO,EAAE,IAAI,CAAA,MAAK,IAAI,MAAM,CAAC,CAAC;AAAA,UAC/C;AAAA,QAAA,CACD,SAAS,IAAI,MAAM,GAAG,SAAS,CAAC,UAAU,IAAI;AAAA,UAC7C;AAAA,UACA;AAAA,QAAA,CACD;AAAA,MAAA;AAAA,MAEH,GAAG;AAAA,IAAA;AAEL,QAAI,QAAQ,QAAW;AACrB,aAAO;AAAA,IACT;AACA,WAAO,gBAAgB,KAAK,SAAS,KAAK,GAAG,SAAS;AAAA,EACxD;AAAA,EAEA,uBAAuB,IAAyB;AAC9C,UAAM,MAAM,KAAK,mBAAmB,EAAE;AACtC;AAAA,MACE,QAAQ;AAAA,MACR,MAAM,kCAAkC,KAAK,UAAU,GAAG,KAAK,CAAC;AAAA,IAAA;AAElE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,mBACJ,qBACA,wBACA,UACA,UACA;AACA,QAAI,CAAE,MAAM,KAAK,cAAc,qBAAqB,UAAU,QAAQ,GAAI;AACxE,aAAO;AAAA,IACT;AAEA,eAAW,UAAU,wBAAwB;AAC3C,UAAI,CAAE,MAAM,KAAK,cAAc,QAAQ,UAAU,QAAQ,GAAI;AAC3D,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cACE,QACA,UACA,UACuB;AACvB,QAAI,WAAW,QAAW;AACxB,aAAO;AAAA,IACT;AACA,QAAI,OAAO,WAAW,GAAG;AACvB,aAAO;AAAA,IACT;AACA,QAAI,cAAc,iBAAiB,QAAQ,EAAE;AAC7C,kBAAc;AAAA,MACZ;AAAA,QACE,GAAG;AAAA,QACH,OAAO,YAAY,YAAY,OAAO,MAAM;AAAA,MAAA;AAAA,MAE9C;AAAA,QACE;AAAA,QACA,gBAAgB;AAAA,MAAA;AAAA,IAClB;AAOF,UAAM,QAAQ,cAAc,aAAa,KAAK,kBAAkB,UAAU;AAC1E,QAAI;AACF,YAAM,MAAM,MAAM,MAAM,EAAE;AAC1B,iBAAW,KAAK,KAAK;AAGnB,eAAO;AAAA,MACT;AAAA,IACF,UAAA;AACE,YAAM,QAAA;AAAA,IACR;AAGA,WAAO;AAAA,EACT;AACF;AAEA,SAAS,YAAY,OAA8B,QAAgB;AACjE,SAAO,OAAO,2CAA2C;AAEzD,SAAO,kBAAkB;AAAA,IACvB,MAAM;AAAA,IACN,YAAY;AAAA,MACV;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,YAAY,OAAO,IAAI,CAAC,CAAC,QAAQ,IAAI,MAAM;AACzC,iBAAO,MAAM;AACb,iBAAO;AAAA,QACT,CAAC;AAAA,MAAA;AAAA,IACH;AAAA,EACF,CACD;AACH;"}