@rpcbase/db 0.35.0 → 0.36.0

package/README.md

@@ -1,25 +1,20 @@
 ## `@rpcbase/db`
 
-### `LocalizedString` / `zI18nString()`
+### Zod extensions
 
-`zI18nString()` (alias of `zLocalizedString()`) describes a localized string as an object, keyed by *language codes* (BCP47):
+This package provides a small Zod extension that adds `.unique()` and `.sparse()` to `z.string()`, `z.number()`, and `z.date()` (for chaining/compatibility).
 
 ```ts
-import { z } from "zod"
-import { zI18nString, zodSchema } from "@rpcbase/db"
+import { z } from "@rpcbase/db"
 
-const ZPost = z.object({
-  title: zI18nString(), // { "en": "...", "fr": "...", "fr-FR": "..." }
+const ZUser = z.object({
+  email: z.string().email().unique().sparse(),
+  createdAt: z.date().sparse(),
 })
-
-const schema = zodSchema(ZPost)
 ```
 
-**Mongoose-side (important)**
+### Mongoose re-export
 
-- The field is stored as an object and typed as `SchemaTypes.Mixed` (not a `Map`).
-- On read, the Mongoose getter returns a “proxy” object with automatic fallback: `fr-FR` falls back to `fr` if `fr-FR` doesn’t exist.
-  - `doc.title["fr-FR"]` → fallback
-  - `doc.title.get("fr-FR")` → fallback (read helper)
-  - `doc.title.getExact("fr-FR")` → exact (no fallback)
-- On write, because it’s `Mixed`, avoid silent deep mutations: prefer replacing the object (`doc.title = { ...doc.title, fr: "Salut" }`) or call `doc.markModified("title")`.
+```ts
+import { Schema, model, mongoose } from "@rpcbase/db"
+```

package/dist/acl/index.js

@@ -0,0 +1,11 @@
+import { b, d, f, e, g, c, a, r } from "../can-urGFf45M.js";
+export {
+  b as buildAbility,
+  d as buildAbilityFromSession,
+  f as can,
+  e as getAccessibleByQuery,
+  g as getRegisteredPolicies,
+  c as getTenantRolesFromSessionUser,
+  a as registerPoliciesFromModules,
+  r as registerPolicy
+};

package/dist/can-urGFf45M.js

@@ -0,0 +1,131 @@
+import { AbilityBuilder, createMongoAbility, subject } from "@casl/ability";
+import { accessibleBy } from "@casl/mongoose";
+const POLICIES_GLOBAL_KEY = /* @__PURE__ */ Symbol.for("@rpcbase/db/acl/policiesBySubject");
+const getGlobalPoliciesMap = () => {
+  const store = globalThis;
+  const existing = store[POLICIES_GLOBAL_KEY];
+  if (existing instanceof Map) {
+    return existing;
+  }
+  const created = /* @__PURE__ */ new Map();
+  store[POLICIES_GLOBAL_KEY] = created;
+  return created;
+};
+const policiesBySubject = getGlobalPoliciesMap();
+const isPolicy = (value) => {
+  if (!value || typeof value !== "object") return false;
+  const maybe = value;
+  return typeof maybe.subject === "string" && typeof maybe.define === "function";
+};
+const registerPolicy = (policy) => {
+  const set = policiesBySubject.get(policy.subject) ?? /* @__PURE__ */ new Set();
+  set.add(policy.define);
+  policiesBySubject.set(policy.subject, set);
+};
+const registerPoliciesFromModules = (modules) => {
+  for (const [exportName, value] of Object.entries(modules)) {
+    if (!isPolicy(value)) continue;
+    if (!exportName.endsWith("Policy")) {
+      throw new Error(
+        `Invalid policy export name "${exportName}". Policies must be exported as "<ModelName>Policy".`
+      );
+    }
+    const expectedSubject = exportName.slice(0, -"Policy".length);
+    if (value.subject !== expectedSubject) {
+      throw new Error(
+        `Invalid policy "${exportName}": expected subject "${expectedSubject}", got "${value.subject}".`
+      );
+    }
+    registerPolicy(value);
+  }
+};
+const getRegisteredPolicies = () => {
+  const out = [];
+  for (const set of policiesBySubject.values()) {
+    for (const fn of set) out.push(fn);
+  }
+  return out;
+};
+const buildAbility = (ctx) => {
+  const builder = new AbilityBuilder(createMongoAbility);
+  const { can: can2 } = builder;
+  if (ctx.roles.includes("owner") || ctx.roles.includes("admin")) {
+    can2("manage", "all");
+  }
+  for (const define of getRegisteredPolicies()) {
+    define(builder, ctx);
+  }
+  return builder.build();
+};
+const normalizeRole = (raw) => {
+  if (typeof raw !== "string") return null;
+  const normalized = raw.trim();
+  return normalized ? normalized : null;
+};
+const normalizeRoles = (raw) => {
+  if (Array.isArray(raw)) {
+    return raw.map(normalizeRole).filter((r) => Boolean(r));
+  }
+  const role = normalizeRole(raw);
+  return role ? [role] : [];
+};
+const normalizeRolesByTenantId = (raw) => {
+  if (!raw || typeof raw !== "object") return null;
+  if (raw instanceof Map) {
+    return Object.fromEntries(Array.from(raw.entries()).map(([key, value]) => [String(key), normalizeRoles(value)]));
+  }
+  const obj = raw;
+  const out = {};
+  for (const [key, value] of Object.entries(obj)) {
+    const tenantId = String(key).trim();
+    if (!tenantId) continue;
+    out[tenantId] = normalizeRoles(value);
+  }
+  return out;
+};
+const getTenantRolesFromSessionUser = (user, tenantId) => {
+  if (!user || typeof user !== "object") return [];
+  const rolesByTenantId = normalizeRolesByTenantId(user.tenantRoles);
+  if (!rolesByTenantId) return [];
+  return rolesByTenantId[tenantId]?.filter(Boolean) ?? [];
+};
+const buildAbilityFromSession = ({
+  tenantId,
+  session,
+  claims
+}) => {
+  const user = session?.user;
+  const userId = typeof user?.id === "string" ? user.id.trim() : "";
+  const rolesByTenantId = normalizeRolesByTenantId(user?.tenantRoles);
+  const hasExplicitTenantEntry = Boolean(
+    rolesByTenantId && Object.prototype.hasOwnProperty.call(rolesByTenantId, tenantId)
+  );
+  const signedInTenantsRaw = user?.signedInTenants;
+  const signedInTenants = Array.isArray(signedInTenantsRaw) ? signedInTenantsRaw.map(String) : [];
+  const roles = hasExplicitTenantEntry ? rolesByTenantId[tenantId] ?? [] : userId && signedInTenants.includes(tenantId) ? ["owner"] : getTenantRolesFromSessionUser(user, tenantId);
+  return buildAbility({
+    tenantId,
+    userId: userId || null,
+    roles,
+    claims
+  });
+};
+const getAccessibleByQuery = (ability, action, subject2) => {
+  return accessibleBy(ability, action).ofType(subject2);
+};
+const can = (ability, action, subjectType, object) => {
+  if (object && typeof object === "object") {
+    return ability.can(action, subject(subjectType, object));
+  }
+  return ability.can(action, subjectType);
+};
+export {
+  registerPoliciesFromModules as a,
+  buildAbility as b,
+  getTenantRolesFromSessionUser as c,
+  buildAbilityFromSession as d,
+  getAccessibleByQuery as e,
+  can as f,
+  getRegisteredPolicies as g,
+  registerPolicy as r
+};

package/dist/extendMongooseSchema.d.ts

@@ -0,0 +1,6 @@
+import { Schema } from '../../vite/node_modules/mongoose';
+type MongooseSchemaExtension = Parameters<Schema["add"]>[0];
+export declare function extendMongooseSchema<TSchema extends Schema>(baseSchema: TSchema, ...extensions: MongooseSchemaExtension[]): TSchema;
+export declare function omitSchemaPaths<TSchema extends Schema>(schema: TSchema, paths: string[]): TSchema;
+export {};
+//# sourceMappingURL=extendMongooseSchema.d.ts.map

package/dist/extendMongooseSchema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"extendMongooseSchema.d.ts","sourceRoot":"","sources":["../src/extendMongooseSchema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AAGjC,KAAK,uBAAuB,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AAE3D,wBAAgB,oBAAoB,CAAC,OAAO,SAAS,MAAM,EACzD,UAAU,EAAE,OAAO,EACnB,GAAG,UAAU,EAAE,uBAAuB,EAAE,GACvC,OAAO,CAMT;AAED,wBAAgB,eAAe,CAAC,OAAO,SAAS,MAAM,EACpD,MAAM,EAAE,OAAO,EACf,KAAK,EAAE,MAAM,EAAE,GACd,OAAO,CAIT"}

package/dist/index.browser.d.ts

@@ -0,0 +1,2 @@
+export * from './zod';
+//# sourceMappingURL=index.browser.d.ts.map

package/dist/index.browser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.browser.d.ts","sourceRoot":"","sources":["../src/index.browser.ts"],"names":[],"mappings":"AAAA,cAAc,OAAO,CAAA"}

package/dist/index.browser.js

@@ -0,0 +1,22 @@
+import { z } from "zod";
+import { z as z2 } from "zod";
+let zodExtended = false;
+function extendZod(zod) {
+  if (zodExtended) return;
+  zodExtended = true;
+  const supported = [zod.ZodString, zod.ZodNumber, zod.ZodDate];
+  for (const type of supported) {
+    const proto = type?.prototype;
+    if (!proto) continue;
+    proto.unique = function unique(_flag = true) {
+      return this;
+    };
+    proto.sparse = function sparse(_flag = true) {
+      return this;
+    };
+  }
+}
+extendZod(z);
+export {
+  z2 as z
+};

package/dist/index.d.ts

@@ -1,8 +1,10 @@
+export * from './acl';
 export * from './models';
-export * from './schema';
+export * from './mongoose';
+export * from './pagination';
+export * from './zod';
 export * from './createModels';
+export * from './extendMongooseSchema';
 export * from './modelsApi';
 export * from './tenantFilesystemDb';
-export * from './acl';
-export * from './pagination';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAA;AACxB,cAAc,UAAU,CAAA;AACxB,cAAc,gBAAgB,CAAA;AAC9B,cAAc,aAAa,CAAA;AAC3B,cAAc,sBAAsB,CAAA;AACpC,cAAc,OAAO,CAAA;AACrB,cAAc,cAAc,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,OAAO,CAAA;AACrB,cAAc,UAAU,CAAA;AACxB,cAAc,YAAY,CAAA;AAC1B,cAAc,cAAc,CAAA;AAC5B,cAAc,OAAO,CAAA;AAErB,cAAc,gBAAgB,CAAA;AAC9B,cAAc,wBAAwB,CAAA;AACtC,cAAc,aAAa,CAAA;AAC3B,cAAc,sBAAsB,CAAA"}