@smartive/graphql-magic 14.0.2 → 15.0.0

package/src/bin/gqm/gqm.ts

@@ -13,11 +13,10 @@ import {
   printSchemaFromModels,
 } from '../..';
 import { generateGraphqlApiTypes, generateGraphqlClientTypes } from './codegen';
-import { KNEXFILE_PATH, parseKnexfile } from './parse-knexfile';
+import { parseKnexfile } from './parse-knexfile';
 import { parseModels } from './parse-models';
 import { readLine } from './readline';
-import { ensureFileExists, getSetting, getSettings, writeToFile } from './settings';
-import { KNEXFILE } from './templates';
+import { getSetting, writeToFile } from './settings';
 
 config({
   path: '.env',
@@ -28,18 +27,11 @@ config({
 
 program.description('The graphql-magic cli.');
 
-program
-  .command('setup')
-  .description('Set up the project')
-  .action(async () => {
-    await getSettings();
-    ensureFileExists(KNEXFILE_PATH, KNEXFILE);
-  });
-
 program
   .command('generate')
   .description('Generate all the things')
   .action(async () => {
+    await getSetting('knexfilePath');
     const models = await parseModels();
     const generatedFolderPath = await getSetting('generatedFolderPath');
     const gqlModule = await getSetting('gqlModule');
@@ -51,64 +43,6 @@ program
     await generateGraphqlClientTypes();
   });
 
-program
-  .command('generate-models')
-  .description('Generate models.json')
-  .action(async () => {
-    await parseModels();
-  });
-
-program
-  .command('generate-schema')
-  .description('Generate schema')
-  .action(async () => {
-    const models = await parseModels();
-    const generatedFolderPath = await getSetting('generatedFolderPath');
-    writeToFile(`${generatedFolderPath}/schema.graphql`, printSchemaFromModels(models));
-  });
-
-program
-  .command('generate-mutation-queries')
-  .description('Generate mutation-queries')
-  .action(async () => {
-    const models = await parseModels();
-    const generatedFolderPath = await getSetting('generatedFolderPath');
-    const gqlModule = await getSetting('gqlModule');
-    writeToFile(`${generatedFolderPath}/client/mutations.ts`, generateMutations(models, gqlModule));
-  });
-
-program
-  .command('generate-db-types')
-  .description('Generate DB types')
-  .action(async () => {
-    const models = await parseModels();
-    const generatedFolderPath = await getSetting('generatedFolderPath');
-    writeToFile(`${generatedFolderPath}/db/index.ts`, generateDBModels(models));
-  });
-
-program
-  .command('generate-knex-types')
-  .description('Generate Knex types')
-  .action(async () => {
-    const models = await parseModels();
-    const generatedFolderPath = await getSetting('generatedFolderPath');
-    writeToFile(`${generatedFolderPath}/db/knex.ts`, generateKnexTables(models));
-  });
-
-program
-  .command('generate-graphql-api-types')
-  .description('Generate Graphql API types')
-  .action(async () => {
-    await generateGraphqlApiTypes();
-  });
-
-program
-  .command('generate-graphql-client-types')
-  .description('Generate Graphql client types')
-  .action(async () => {
-    await generateGraphqlClientTypes();
-  });
-
 program
   .command('generate-migration [<name>] [<date>]')
   .description('Generate Migration')

package/src/bin/gqm/parse-knexfile.ts

@@ -1,21 +1,20 @@
 import { IndentationText, Project } from 'ts-morph';
-import { ensureFileExists } from './settings';
+import { ensureFileExists, getSetting } from './settings';
 import { staticEval } from './static-eval';
 import { KNEXFILE } from './templates';
 import { findDeclarationInFile } from './utils';
 
-export const KNEXFILE_PATH = `knexfile.ts`;
-
 export const parseKnexfile = async () => {
   const project = new Project({
     manipulationSettings: {
       indentationText: IndentationText.TwoSpaces,
     },
   });
-  ensureFileExists(KNEXFILE_PATH, KNEXFILE);
+  const knexfilePath = await getSetting('knexfilePath');
+  ensureFileExists(knexfilePath, KNEXFILE);
 
-  const sourceFile = project.addSourceFileAtPath(KNEXFILE_PATH);
-  const configDeclaration = findDeclarationInFile(sourceFile, 'config');
+  const sourceFile = project.addSourceFileAtPath(knexfilePath);
+  const configDeclaration = findDeclarationInFile(sourceFile, 'knexConfig');
   const config = staticEval(configDeclaration, {});
   return config;
 };

package/src/bin/gqm/settings.ts

@@ -1,11 +1,28 @@
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs';
 import { dirname } from 'path';
 import { readLine } from './readline';
-import { EMPTY_MODELS } from './templates';
+import { EMPTY_MODELS, GET_ME, GITIGNORE, KNEXFILE } from './templates';
 
 const SETTINGS_PATH = '.gqmrc.json';
 
+const DEFAULT_ENV = {
+  DATABASE_HOST: 'localhost',
+  DATABASE_NAME: 'postgres',
+  DATABASE_USER: 'postgres',
+  DATABASE_PASSWORD: 'password',
+};
+
 const DEFAULTS = {
+  knexfilePath: {
+    question: 'What is the knexfile path?',
+    defaultValue: 'knexfile.ts',
+    init: (path: string) => {
+      for (const [name, value] of Object.entries(DEFAULT_ENV)) {
+        ensureFileContains('.env', `${name}=`, `${name}=${value}\n`);
+      }
+      ensureFileExists(path, KNEXFILE);
+    },
+  },
   modelsPath: {
     question: 'What is the models path?',
     defaultValue: 'src/config/models.ts',
@@ -17,6 +34,7 @@ const DEFAULTS = {
     question: 'What is the path for generated stuff?',
     defaultValue: 'src/generated',
     init: (path: string) => {
+      ensureFileContains('.gitignore', GITIGNORE(path));
       ensureFileExists(`${path}/.gitkeep`, '');
       ensureFileExists(`${path}/db/.gitkeep`, '');
       ensureFileExists(`${path}/api/.gitkeep`, '');
@@ -27,7 +45,7 @@ const DEFAULTS = {
     question: 'Where to look for graphql queries?',
     defaultValue: 'src/graphql/client/queries',
     init: (path: string) => {
-      ensureDirectoryExists(path);
+      ensureFileExists(`${path}/get-me.ts`, GET_ME);
     },
   },
   gqlModule: {
@@ -80,7 +98,7 @@ export const getSetting = async (name: keyof Settings): Promise<string> => {
   return settings[name];
 };
 
-const ensureDirectoryExists = (dir: string) => {
+export const ensureDirectoryExists = (dir: string) => {
   if (existsSync(dir)) {
     return true;
   }
@@ -107,6 +125,14 @@ export const ensureFileExists = (filePath: string, content: string) => {
   }
 };
 
+export const ensureFileContains = (filePath: string, content: string, fallback?: string) => {
+  ensureFileExists(filePath, content);
+  const fileContent = readFileSync(filePath, 'utf-8');
+  if (!fileContent.includes(content)) {
+    writeFileSync(filePath, fileContent + (fallback ?? content));
+  }
+};
+
 export const writeToFile = (filePath: string, content: string) => {
   ensureDirectoryExists(dirname(filePath));
   if (existsSync(filePath)) {

package/src/bin/gqm/templates.ts

@@ -1,7 +1,19 @@
-export const EMPTY_MODELS = `
-import { RawModels, Models } from '@smartive/graphql-magic';
+export const GITIGNORE = (path: string) => `
+# graphql-magic
+${path}/**/*
+${path}/**/.gitkeep
+`;
+
+export const DOTENV = `
+DATABASE_HOST=localhost
+DATABASE_NAME=postgres
+DATABASE_USER=postgres
+DATABASE_PASSWORD=password
+`;
+
+export const EMPTY_MODELS = `import { ModelDefinitions, Models } from '@smartive/graphql-magic';
 
-const rawModels: RawModels = [
+const modelDefinitions: ModelDefinitions = [
   {
     kind: 'entity',
     name: 'User',
@@ -9,11 +21,10 @@ const rawModels: RawModels = [
   },
 ]
 
-export const models = new Models(rawModels);
+export const models = new Models(modelDefinitions);
 `;
 
-export const KNEXFILE = `
-import { DateTime } from 'luxon';
+export const KNEXFILE = `import { DateTime } from 'luxon';
 import { types } from 'pg';
 
 const dateOids = { date: 1082, timestamptz: 1184, timestamp: 1114 };
@@ -26,7 +37,7 @@ for (const oid of Object.values(numberOids)) {
   types.setTypeParser(oid, Number);
 }
 
-const config = {
+const knexConfig = {
   client: 'postgresql',
   connection: {
     host: process.env.DATABASE_HOST,
@@ -43,5 +54,56 @@ const config = {
   },
 } as const;
 
-export default config;
+export default knexConfig;
+`;
+
+export const GET_ME = `import { gql } from '@smartive/graphql-magic';
+
+export const GET_ME = gql\`
+  query GetMe {
+    me {
+      id
+    }
+  }
+\`;
+`;
+
+export const EXECUTE = `
+import knexConfig from "@/knexfile";
+import { getSession } from "@auth0/nextjs-auth0";
+import { Context, User, execute } from "@smartive/graphql-magic";
+import { randomUUID } from "crypto";
+import { knex } from 'knex';
+import { DateTime } from "luxon";
+import { models } from "../config/models";
+
+export const executeGraphql = async <T, V = undefined>(
+  body: {
+    query: string;
+    operationName?: string;
+    variables?: V;
+    options?: { email?: string };
+}): Promise<{ data: T }> => {
+  const session = await getSession();
+
+  const db = knex(knexConfig);
+  let user: User | undefined;
+  // TODO: get user
+
+  const result = await execute({
+    req: null as unknown as Context['req'],
+    body,
+    knex: db as unknown as Context['knex'],
+    locale: 'en',
+    locales: ['en'],
+    user,
+    models: models,
+    permissions: { ADMIN: true, UNAUTHENTICATED: true }, // TODO: fine-grained permissions
+    now: DateTime.local(),
+  });
+  await db.destroy();
+
+  // https://github.com/vercel/next.js/issues/47447#issuecomment-1500371732
+  return JSON.parse(JSON.stringify(result)) as { data: T };
+}
 `;

package/src/client/queries.ts

@@ -14,7 +14,7 @@ import {
 
 export const getUpdateEntityQuery = (
   model: EntityModel,
-  role: any,
+  role: string,
   fields?: string[] | undefined,
   additionalFields = ''
 ) => `query Update${model.name}Fields ($id: ID!) {
@@ -28,7 +28,7 @@ export const getUpdateEntityQuery = (
       .join(' ')}
     ${getActionableRelations(model, 'update')
       .filter((name) => !fields || fields.includes(name))
-      .map((name) => `${name} { id }`)}
+      .map((name) => `${name} { id, display: ${model.getRelation(name).targetModel.displayField || 'id'} }`)}
     ${additionalFields}
   }
 }`;

package/src/context.ts

@@ -17,7 +17,7 @@ export type Context = {
   document: DocumentNode;
   locale: string;
   locales: string[];
-  user: User;
+  user?: User;
   models: Models;
   permissions: Permissions;
   mutationHook?: MutationHook;

package/src/permissions/check.ts

@@ -7,12 +7,14 @@ import { AliasGenerator, hash, ors } from '../resolvers/utils';
 import { BasicValue } from '../values';
 import { PermissionAction, PermissionLink, PermissionStack } from './generate';
 
+export const getRole = (ctx: Pick<FullContext, 'user'>) => ctx.user?.role ?? 'UNAUTHENTICATED';
+
 export const getPermissionStack = (
   ctx: Pick<FullContext, 'permissions' | 'user'>,
   type: string,
   action: PermissionAction
 ): boolean | PermissionStack => {
-  const rolePermissions = ctx.permissions[ctx.user.role];
+  const rolePermissions = ctx.permissions[getRole(ctx)];
   if (typeof rolePermissions === 'boolean' || rolePermissions === undefined) {
     return !!rolePermissions;
   }
@@ -45,7 +47,7 @@ export const applyPermissions = (
   }
 
   if (permissionStack === false) {
-    console.error(`No applicable permissions exist for ${ctx.user.role} ${type} ${action}.`);
+    console.error(`No applicable permissions exist for ${getRole(ctx)} ${type} ${action}.`);
     // eslint-disable-next-line @typescript-eslint/no-floating-promises -- we do not need to await knex here
     query.where(false);
     return permissionStack;
@@ -113,7 +115,7 @@ export const getEntityToMutate = async (
         .map(([key, value]) => `${key}: ${value}`)
         .join(', ')}`
     );
-    throw new PermissionError(ctx.user.role, action, `this ${model.name}`, 'no available permissions applied');
+    throw new PermissionError(getRole(ctx), action, `this ${model.name}`, 'no available permissions applied');
   }
 
   if (model.parent) {
@@ -139,7 +141,7 @@ export const checkCanWrite = async (
     return;
   }
   if (permissionStack === false) {
-    throw new PermissionError(ctx.user.role, action, model.plural, 'no applicable permissions');
+    throw new PermissionError(getRole(ctx), action, model.plural, 'no applicable permissions');
   }
 
   // eslint-disable-next-line @typescript-eslint/no-explicit-any -- using `select(1 as any)` to instantiate an "empty" query builder
@@ -156,13 +158,9 @@ export const checkCanWrite = async (
     }
 
     const fieldPermissions = field[action === 'CREATE' ? 'creatable' : 'updatable'];
-    if (fieldPermissions && typeof fieldPermissions === 'object' && !fieldPermissions.roles?.includes(ctx.user.role)) {
-      throw new PermissionError(
-        ctx.user.role,
-        action,
-        `this ${model.name}'s ${field.name}`,
-        'field permission not available'
-      );
+    const role = getRole(ctx);
+    if (fieldPermissions && typeof fieldPermissions === 'object' && !fieldPermissions.roles?.includes(role)) {
+      throw new PermissionError(role, action, `this ${model.name}'s ${field.name}`, 'field permission not available');
     }
 
     linked = true;
@@ -178,7 +176,7 @@ export const checkCanWrite = async (
 
     if (fieldPermissionStack === false || !fieldPermissionStack.length) {
       throw new PermissionError(
-        ctx.user.role,
+        role,
         action,
         `this ${model.name}'s ${field.name}`,
         'no applicable permissions on data to link'
@@ -194,13 +192,14 @@ export const checkCanWrite = async (
     );
   }
 
+  const role = getRole(ctx);
   if (linked) {
     const canMutate = await query;
     if (!canMutate) {
-      throw new PermissionError(ctx.user.role, action, `this ${model.name}`, 'no linkable entities');
+      throw new PermissionError(role, action, `this ${model.name}`, 'no linkable entities');
     }
   } else if (action === 'CREATE') {
-    throw new PermissionError(ctx.user.role, action, `this ${model.name}`, 'no linkable entities');
+    throw new PermissionError(role, action, `this ${model.name}`, 'no linkable entities');
   }
 };
 
@@ -213,12 +212,21 @@ const permissionLinkQuery = (
   const aliases = new AliasGenerator();
   let alias = aliases.getShort();
   const { type, me, where } = links[0];
-  // eslint-disable-next-line @typescript-eslint/no-floating-promises -- we do not need to await knex here
-  subQuery.from(`${type} as ${alias}`);
+
   if (me) {
+    if (!ctx.user) {
+      // eslint-disable-next-line @typescript-eslint/no-floating-promises -- we do not need to await knex here
+      subQuery.where(false);
+      return;
+    }
+
     // eslint-disable-next-line @typescript-eslint/no-floating-promises -- we do not need to await knex here
     subQuery.where({ [`${alias}.id`]: ctx.user.id });
   }
+
+  // eslint-disable-next-line @typescript-eslint/no-floating-promises -- we do not need to await knex here
+  subQuery.from(`${type} as ${alias}`);
+
   if (where) {
     applyWhere(ctx.models.getModel(type, 'entity'), subQuery, alias, where, aliases);
   }

package/src/resolvers/filters.ts

@@ -38,7 +38,7 @@ export const applyFilters = (node: FieldResolverNode, query: Knex.QueryBuilder,
       normalizedArguments.where.deleted &&
       (!Array.isArray(normalizedArguments.where.deleted) || normalizedArguments.where.deleted.some((v) => v))
     ) {
-      if (node.ctx.user.role !== 'ADMIN') {
+      if (node.ctx.user?.role !== 'ADMIN') {
         throw new ForbiddenError('You cannot access deleted entries.');
       }
     } else {

package/src/resolvers/mutations.ts

@@ -32,7 +32,7 @@ const create = async (model: EntityModel, { data: input }: { data: any }, ctx: F
   const normalizedInput = { ...input };
   normalizedInput.id = uuid();
   normalizedInput.createdAt = ctx.now;
-  normalizedInput.createdById = ctx.user.id;
+  normalizedInput.createdById = ctx.user?.id;
   if (model.parent) {
     normalizedInput.type = model.name;
   }
@@ -165,7 +165,7 @@ const del = async (model: EntityModel, { where, dryRun }: { where: any; dryRun:
     toDelete[currentModel.name][entity.id as string] = (entity[currentModel.displayField || 'id'] || entity.id) as string;
 
     if (!dryRun) {
-      const normalizedInput = { deleted: true, deletedAt: ctx.now, deletedById: ctx.user.id };
+      const normalizedInput = { deleted: true, deletedAt: ctx.now, deletedById: ctx.user?.id };
       const data = { prev: entity, input: {}, normalizedInput, next: { ...entity, ...normalizedInput } };
       if (ctx.mutationHook) {
         beforeHooks.push(async () => {
@@ -319,7 +319,7 @@ const createRevision = async (model: EntityModel, data: Entity, ctx: Context) =>
       id: revisionId,
       [`${typeToField(model.parent || model.name)}Id`]: data.id,
       createdAt: ctx.now,
-      createdById: ctx.user.id,
+      createdById: ctx.user?.id,
     };
 
     if (model.deletable) {
@@ -354,7 +354,7 @@ const createRevision = async (model: EntityModel, data: Entity, ctx: Context) =>
 const sanitize = (ctx: FullContext, model: EntityModel, data: Entity) => {
   if (model.updatable) {
     data.updatedAt = ctx.now;
-    data.updatedById = ctx.user.id;
+    data.updatedById = ctx.user?.id;
   }
 
   for (const key of Object.keys(data)) {

package/src/resolvers/resolver.ts

@@ -29,6 +29,10 @@ export const resolve = async (ctx: FullContext, id?: string) => {
   const { query, verifiedPermissionStacks } = await buildQuery(node);
 
   if (ctx.info.fieldName === 'me') {
+    if (!node.ctx.user.id) {
+      return undefined;
+    }
+
     void query.where({ [getColumn(node, 'id')]: node.ctx.user.id });
   }
 

package/src/resolvers/resolvers.ts

@@ -3,23 +3,25 @@ import { isRootModel, merge, not, typeToField } from '../models/utils';
 import { mutationResolver } from './mutations';
 import { queryResolver } from './resolver';
 
-export const getResolvers = (models: Models) => ({
-  Query: merge([
-    {
-      me: queryResolver,
-    },
-    ...models.entities
-      .filter(({ queriable }) => queriable)
-      .map((model) => ({
-        [typeToField(model.name)]: queryResolver,
-      })),
-    ...models.entities
-      .filter(({ listQueriable }) => listQueriable)
-      .map((model) => ({
-        [model.pluralField]: queryResolver,
-      })),
-  ]),
-  Mutation: merge<unknown>([
+export const getResolvers = (models: Models) => {
+  const resolvers: Record<string, any> = {
+    Query: merge([
+      {
+        me: queryResolver,
+      },
+      ...models.entities
+        .filter(({ queriable }) => queriable)
+        .map((model) => ({
+          [typeToField(model.name)]: queryResolver,
+        })),
+      ...models.entities
+        .filter(({ listQueriable }) => listQueriable)
+        .map((model) => ({
+          [model.pluralField]: queryResolver,
+        })),
+    ]),
+  };
+  const mutations = [
     ...models.entities
       .filter(not(isRootModel))
       .filter(({ creatable }) => creatable)
@@ -39,13 +41,17 @@ export const getResolvers = (models: Models) => ({
         [`delete${model.name}`]: mutationResolver,
         [`restore${model.name}`]: mutationResolver,
       })),
-  ]),
-  ...Object.assign(
-    {},
-    ...models.entities.filter(isRootModel).map((model) => ({
-      [model.name]: {
-        __resolveType: ({ TYPE }) => TYPE,
-      },
-    }))
-  ),
-});
+  ];
+
+  if (mutations.length) {
+    resolvers.Mutation = merge<unknown>(mutations);
+  }
+
+  for (const model of models.entities.filter(isRootModel)) {
+    resolvers[model.name] = {
+      __resolveType: ({ TYPE }) => TYPE,
+    };
+  }
+
+  return resolvers;
+};

package/src/resolvers/selects.ts

@@ -11,7 +11,7 @@ import {
   getNameOrAlias,
   getSimpleFields,
 } from '.';
-import { PermissionError, UserInputError } from '..';
+import { PermissionError, UserInputError, getRole } from '..';
 
 export const applySelects = (node: ResolverNode, query: Knex.QueryBuilder, joins: Joins) => {
   // Simple field selects
@@ -28,9 +28,10 @@ export const applySelects = (node: ResolverNode, query: Knex.QueryBuilder, joins
             return false;
           }
 
-          if (typeof field.queriable === 'object' && !field.queriable.roles?.includes(node.ctx.user.role)) {
+          const role = getRole(node.ctx);
+          if (typeof field.queriable === 'object' && !field.queriable.roles?.includes(role)) {
             throw new PermissionError(
-              node.ctx.user.role,
+              role,
               'READ',
               `${node.model.name}'s field "${field.name}"`,
               'field permission not available'