npm - @stoker-platform/cli - Versions diffs - 0.5.12 - Mend

@stoker-platform/cli 0.5.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (94) hide show

package/LICENSE.md +102 -0
package/init-files/.##gitignore## +102 -0
package/init-files/.devcontainer/devcontainer.json +14 -0
package/init-files/.env/.env +70 -0
package/init-files/.eslintrc.cjs +35 -0
package/init-files/.firebaserc +6 -0
package/init-files/.prettierignore +86 -0
package/init-files/.prettierrc +5 -0
package/init-files/bin/build.js +221 -0
package/init-files/bin/shim.js +159 -0
package/init-files/extensions/firestore-send-email.env +7 -0
package/init-files/external.package.json +4 -0
package/init-files/firebase-rules/database.rules.json +9 -0
package/init-files/firebase-rules/firestore.custom.rules +19 -0
package/init-files/firebase-rules/firestore.indexes.json +0 -0
package/init-files/firebase-rules/firestore.rules +0 -0
package/init-files/firebase-rules/storage.rules +0 -0
package/init-files/firebase.hosting.json +122 -0
package/init-files/firebase.json +52 -0
package/init-files/functions/.##gitignore## +14 -0
package/init-files/functions/.eslintrc.cjs +28 -0
package/init-files/functions/package.json +46 -0
package/init-files/functions/prompts/chat.prompt +17 -0
package/init-files/functions/src/index.ts +457 -0
package/init-files/functions/tsconfig.dev.json +3 -0
package/init-files/functions/tsconfig.json +17 -0
package/init-files/icons/logo-large.png +0 -0
package/init-files/icons/logo-small.png +0 -0
package/init-files/ops.js +25 -0
package/init-files/package.json +53 -0
package/init-files/project-data.json +5 -0
package/init-files/remoteconfig.template.json +1 -0
package/init-files/src/collections/Inbox.ts +444 -0
package/init-files/src/collections/Outbox.ts +270 -0
package/init-files/src/collections/Settings.ts +44 -0
package/init-files/src/collections/Users.ts +138 -0
package/init-files/src/main.ts +245 -0
package/init-files/src/utils.ts +3 -0
package/init-files/src/vite-env.d.ts +1 -0
package/init-files/test/test.ts +5 -0
package/init-files/tsconfig.json +23 -0
package/init-files/vitest.config.ts +9 -0
package/lib/package.json +45 -0
package/lib/src/data/exportToBigQuery.js +41 -0
package/lib/src/data/seedData.js +347 -0
package/lib/src/deploy/applySchema.js +43 -0
package/lib/src/deploy/cloud-functions/getFunctionsData.js +18 -0
package/lib/src/deploy/deployProject.js +116 -0
package/lib/src/deploy/firestore-export/exportFirestoreData.js +29 -0
package/lib/src/deploy/firestore-ttl/deployTTLs.js +127 -0
package/lib/src/deploy/live-update/liveUpdate.js +22 -0
package/lib/src/deploy/maintenance/activateMaintenanceMode.js +9 -0
package/lib/src/deploy/maintenance/disableMaintenanceMode.js +9 -0
package/lib/src/deploy/maintenance/setDeploymentStatus.js +22 -0
package/lib/src/deploy/rules-indexes/generateFirestoreIndexes.js +23 -0
package/lib/src/deploy/rules-indexes/generateFirestoreRules.js +35 -0
package/lib/src/deploy/rules-indexes/generateStorageRules.js +23 -0
package/lib/src/deploy/schema/generateSchema.js +184 -0
package/lib/src/deploy/schema/persistSchema.js +14 -0
package/lib/src/lint/lintSchema.js +1491 -0
package/lib/src/lint/securityReport.js +223 -0
package/lib/src/main.js +460 -0
package/lib/src/migration/firestore/migrateFirestore.js +8 -0
package/lib/src/migration/firestore/operations/deleteField.js +58 -0
package/lib/src/migration/migrateAll.js +30 -0
package/lib/src/ops/auditDenormalized.js +124 -0
package/lib/src/ops/auditPermissions.js +92 -0
package/lib/src/ops/auditRelations.js +186 -0
package/lib/src/ops/explainPreloadQueries.js +65 -0
package/lib/src/ops/getUser.js +10 -0
package/lib/src/ops/getUserPermissions.js +19 -0
package/lib/src/ops/getUserRecord.js +20 -0
package/lib/src/ops/listProjects.js +8 -0
package/lib/src/ops/setUserCollection.js +14 -0
package/lib/src/ops/setUserDocument.js +11 -0
package/lib/src/ops/setUserRole.js +14 -0
package/lib/src/project/addProject.js +935 -0
package/lib/src/project/addRecord.js +9 -0
package/lib/src/project/addRecordPrompt.js +205 -0
package/lib/src/project/addTenant.js +59 -0
package/lib/src/project/buildWebApp.js +10 -0
package/lib/src/project/customDomain.js +157 -0
package/lib/src/project/deleteProject.js +51 -0
package/lib/src/project/deleteRecord.js +11 -0
package/lib/src/project/deleteTenant.js +49 -0
package/lib/src/project/getOne.js +25 -0
package/lib/src/project/getSome.js +28 -0
package/lib/src/project/initProject.js +16 -0
package/lib/src/project/prepareEmulatorData.js +125 -0
package/lib/src/project/setProject.js +13 -0
package/lib/src/project/startEmulators.js +30 -0
package/lib/src/project/updateRecord.js +9 -0
package/lib/tsconfig.tsbuildinfo +1 -0
package/package.json +45 -0

package/lib/src/ops/auditDenormalized.js ADDED Viewed

@@ -0,0 +1,124 @@
+import { fetchCurrentSchema, initializeStoker } from "@stoker-platform/node-client";
+import { getDependencyIndexFields, getLowercaseFields, getRoleGroups, getSingleFieldRelations, isDependencyField, isRelationField, } from "@stoker-platform/utils";
+import { join } from "node:path";
+import isEqual from "lodash/isEqual.js";
+import isEmpty from "lodash/isEmpty.js";
+import { getFirestore } from "firebase-admin/firestore";
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const auditDenormalized = async (options) => {
+    await initializeStoker(options.mode || "production", options.tenant, join(process.cwd(), "lib", "main.js"), join(process.cwd(), "lib", "collections"));
+    const schema = await fetchCurrentSchema();
+    const db = getFirestore();
+    for (const [collectionName, collectionSchema] of Object.entries(schema.collections)) {
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const collectionData = {};
+        console.log(`Loading ${collectionName}...`);
+        const collectionSnapshot = await db.collectionGroup(collectionName).get();
+        console.log(`Auditing ${collectionName}...`);
+        collectionSnapshot.forEach((doc) => {
+            if (!doc.ref.path.includes(`tenants/${options.tenant}`)) {
+                return;
+            }
+            collectionData[doc.id] = doc.data();
+        });
+        const singleFieldRelations = getSingleFieldRelations(collectionSchema, collectionSchema.fields);
+        const singleFieldRelationNames = Array.from(singleFieldRelations).map((field) => field.name);
+        for (const field of collectionSchema.fields) {
+            if (isDependencyField(field, collectionSchema, schema)) {
+                const dependencySnapshot = await db
+                    .collection("tenants")
+                    .doc(options.tenant)
+                    .collection("system_fields")
+                    .doc(collectionName)
+                    .collection(`${collectionName}-${field.name}`)
+                    .get();
+                dependencySnapshot.forEach((dependency) => {
+                    const dependencyData = dependency.data();
+                    const indexFields = getDependencyIndexFields(field, collectionSchema, schema);
+                    if (!indexFields.some((indexField) => indexField.name === field.name))
+                        indexFields.push(field);
+                    for (const indexField of indexFields) {
+                        if (indexField.name === "Collection_Path_String")
+                            continue;
+                        if (isRelationField(indexField)) {
+                            if (!getDependencyIndexFields(field, collectionSchema, schema).includes(indexField)) {
+                                const dependencyValue = dependencyData[indexField.name];
+                                const collectionValue = collectionData[dependency.id]?.[indexField.name];
+                                if (!isEqual(dependencyValue, collectionValue)) {
+                                    console.log(`${collectionName} ${dependency.id} ${field.name} Dependency: ${indexField.name} - ${JSON.stringify(dependencyValue)} !== ${JSON.stringify(collectionValue)}`);
+                                }
+                            }
+                            const dependencyValue = dependencyData[`${indexField.name}_Array`];
+                            const collectionValue = collectionData[dependency.id]?.[`${indexField.name}_Array`];
+                            if (!(isEmpty(dependencyValue) && isEmpty(collectionValue)) &&
+                                !isEqual(dependencyValue, collectionValue)) {
+                                console.log(`${collectionName} ${dependency.id} ${field.name} Dependency: ${indexField.name} - ${JSON.stringify(dependencyValue)} !== ${JSON.stringify(collectionValue)}`);
+                            }
+                        }
+                        else {
+                            const dependencyValue = dependencyData[indexField.name];
+                            const collectionValue = collectionData[dependency.id]?.[indexField.name];
+                            if (!isEqual(dependencyValue, collectionValue)) {
+                                console.log(`${collectionName} ${dependency.id} ${field.name} Dependency: ${indexField.name} - ${JSON.stringify(dependencyValue)} !== ${JSON.stringify(collectionValue)}`);
+                            }
+                        }
+                    }
+                });
+            }
+        }
+        const roleGroups = getRoleGroups(collectionSchema, schema);
+        for (const roleGroup of roleGroups) {
+            const dependencySnapshot = await db
+                .collection("tenants")
+                .doc(options.tenant)
+                .collection("system_fields")
+                .doc(collectionName)
+                .collection(`${collectionName}-${roleGroup.key}`)
+                .get();
+            dependencySnapshot.forEach((dependency) => {
+                const dependencyData = dependency.data();
+                const lowercaseFields = getLowercaseFields(collectionSchema, roleGroup.fields);
+                for (const indexField of roleGroup.fields) {
+                    if (indexField.name === "Collection_Path_String")
+                        continue;
+                    if (isRelationField(indexField)) {
+                        const dependencyValue = {
+                            [indexField.name]: dependencyData[indexField.name],
+                            [`${indexField.name}_Array`]: dependencyData[`${indexField.name}_Array`],
+                        };
+                        const collectionValue = {
+                            [indexField.name]: collectionData[dependency.id]?.[indexField.name],
+                            [`${indexField.name}_Array`]: collectionData[dependency.id]?.[`${indexField.name}_Array`],
+                        };
+                        if (singleFieldRelationNames.includes(indexField.name)) {
+                            dependencyValue[`${indexField.name}_Single`] = dependencyData[`${indexField.name}_Single`];
+                            collectionValue[`${indexField.name}_Single`] =
+                                collectionData[dependency.id]?.[`${indexField.name}_Single`];
+                        }
+                        if (!isEqual(dependencyValue, collectionValue)) {
+                            console.log(`${collectionName} ${dependency.id} Private ${roleGroup.key}: ${indexField.name} - ${JSON.stringify(dependencyValue)} !== ${JSON.stringify(collectionValue)}`);
+                        }
+                    }
+                    else {
+                        const dependencyValue = dependencyData[indexField.name];
+                        const collectionValue = collectionData[dependency.id]?.[indexField.name];
+                        if (!isEqual(dependencyValue, collectionValue)) {
+                            console.log(`${collectionName} ${dependency.id} Private ${roleGroup.key}: ${indexField.name} - ${JSON.stringify(dependencyValue)} !== ${JSON.stringify(collectionValue)}`);
+                        }
+                    }
+                    if (Array.from(lowercaseFields)
+                        .map((field) => field.name)
+                        .includes(indexField.name)) {
+                        const dependencyValue = dependencyData[`${indexField.name}_Lowercase`];
+                        const collectionValue = collectionData[dependency.id]?.[`${indexField.name}_Lowercase`];
+                        if (!isEqual(dependencyValue, collectionValue)) {
+                            console.log(`${collectionName} ${dependency.id} Private ${roleGroup.key}: ${indexField.name}_Lowercase - ${JSON.stringify(dependencyValue)} !== ${JSON.stringify(collectionValue)}`);
+                        }
+                    }
+                }
+            });
+        }
+        console.log(`${collectionName} audited.\n`);
+    }
+    process.exit();
+};

package/lib/src/ops/auditPermissions.js ADDED Viewed

@@ -0,0 +1,92 @@
+import { fetchCurrentSchema, initializeStoker } from "@stoker-platform/node-client";
+import { getFirestore } from "firebase-admin/firestore";
+import { join } from "node:path";
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const auditPermissions = async (options) => {
+    await initializeStoker(options.mode || "production", options.tenant, join(process.cwd(), "lib", "main.js"), join(process.cwd(), "lib", "collections"));
+    const schema = await fetchCurrentSchema();
+    const db = getFirestore();
+    const dbMain = getFirestore();
+    const mismatches = [];
+    const permissions = await db.collection("tenants").doc(options.tenant).collection("system_user_permissions").get();
+    for (const authCollection of Object.values(schema.collections)) {
+        if (authCollection.auth) {
+            for (const doc of permissions.docs) {
+                const permission = doc.data();
+                if (permission.Collection !== authCollection.labels.collection)
+                    continue;
+                for (const collection of Object.values(schema.collections)) {
+                    const { labels, access } = collection;
+                    if (access.auth) {
+                        if (!access.auth.includes(permission.Role) && permission.collections[labels.collection]?.auth) {
+                            mismatches.push(`*** User ${doc.id} has excess auth permission for ${labels.collection} collection ***`);
+                        }
+                        if (access.auth.includes(permission.Role) && !permission.collections[labels.collection]?.auth) {
+                            mismatches.push(`User ${doc.id} is missing auth permission for ${labels.collection} collection`);
+                        }
+                    }
+                    for (const operation of Object.entries(access.operations)) {
+                        const [operationName, operationValue] = operation;
+                        if (operationName !== "assignable") {
+                            const operationUpper = operationName.charAt(0).toUpperCase() + operationName.slice(1);
+                            if (operationValue.includes(permission.Role) &&
+                                !permission.collections[labels.collection]?.operations?.includes(operationUpper)) {
+                                mismatches.push(`User ${doc.id} is missing ${operationUpper} permission for ${labels.collection} collection`);
+                            }
+                        }
+                    }
+                    if (permission.collections[labels.collection]?.operations) {
+                        for (const operation of permission.collections[labels.collection].operations) {
+                            const accessOperation = access.operations[operation.toLowerCase()];
+                            if (accessOperation && !accessOperation?.includes(permission.Role)) {
+                                mismatches.push(`User ${doc.id} has excess ${operation} permission for ${labels.collection} collection`);
+                            }
+                        }
+                    }
+                    if (access.attributeRestrictions) {
+                        for (const restriction of access.attributeRestrictions) {
+                            for (const restrictionRole of restriction.roles) {
+                                if (restrictionRole.role === permission.Role) {
+                                    let assignmentType = undefined;
+                                    if (restriction.type === "Record_Owner") {
+                                        assignmentType = "recordOwner";
+                                    }
+                                    else if (restriction.type === "Record_User") {
+                                        assignmentType = "recordUser";
+                                    }
+                                    else if (restriction.type === "Record_Property") {
+                                        assignmentType = "recordProperty";
+                                    }
+                                    if (!restrictionRole.assignable &&
+                                        assignmentType &&
+                                        // eslint-disable-next-line security/detect-object-injection
+                                        !permission.collections[labels.collection]?.[assignmentType]?.active) {
+                                        mismatches.push(`User ${doc.id} is missing ${restriction.type} attribute restriction for ${labels.collection} collection`);
+                                    }
+                                }
+                            }
+                        }
+                    }
+                    if (access.entityRestrictions?.assignable?.includes(permission.Role))
+                        continue;
+                    const hasEntityRestriction = access.entityRestrictions?.restrictions?.some((entityRestriction) => entityRestriction.roles.some((role) => role.role === permission.Role));
+                    if (hasEntityRestriction && !permission.collections?.[labels.collection]?.restrictEntities) {
+                        mismatches.push(`User ${doc.id} is missing entity restriction for ${labels.collection} collection`);
+                    }
+                }
+            }
+        }
+    }
+    console.log(mismatches.join("\n\n"));
+    if (options.email && mismatches.length > 0) {
+        await dbMain.collection("system_mail").add({
+            to: options.email,
+            message: {
+                subject: `Stoker Permissions Audit`,
+                text: mismatches.join("\n\n"),
+            },
+        });
+        console.log(`Email sent to ${options.email}`);
+    }
+    process.exit();
+};

package/lib/src/ops/auditRelations.js ADDED Viewed

@@ -0,0 +1,186 @@
+import { fetchCurrentSchema, getFirestorePathRef, initializeStoker } from "@stoker-platform/node-client";
+import { getFirestore } from "firebase-admin/firestore";
+import { join } from "node:path";
+import isEqual from "lodash/isEqual.js";
+import { getField, getLowercaseFields, getSingleFieldRelations } from "@stoker-platform/utils";
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const auditRelations = async (options) => {
+    await initializeStoker(options.mode || "production", options.tenant, join(process.cwd(), "lib", "main.js"), join(process.cwd(), "lib", "collections"));
+    const schema = await fetchCurrentSchema();
+    const db = getFirestore();
+    for (const [collectionName, collectionSchema] of Object.entries(schema.collections)) {
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const collectionData = {};
+        console.log(`Loading ${collectionName}...`);
+        const collectionSnapshot = await db.collectionGroup(collectionName).get();
+        console.log(`Auditing ${collectionName}...`);
+        collectionSnapshot.forEach((doc) => {
+            if (!doc.ref.path.includes(`tenants/${options.tenant}`)) {
+                return;
+            }
+            collectionData[doc.id] = doc.data();
+        });
+        const singleFieldRelations = getSingleFieldRelations(collectionSchema, collectionSchema.fields);
+        const singleFieldRelationNames = Array.from(singleFieldRelations).map((field) => field.name);
+        for (const doc of collectionSnapshot.docs) {
+            if (!doc.ref.path.includes(`tenants/${options.tenant}`)) {
+                continue;
+            }
+            const record = doc.data();
+            for (const field of collectionSchema.fields) {
+                if ("collection" in field) {
+                    field.includeFields ||= [];
+                    field.includeFields.push("Collection_Path");
+                    field.includeFields.push("deleted");
+                    const relationCollection = schema.collections[field.collection];
+                    if (record[field.name]) {
+                        for (const relationRecord of Object.entries(record[field.name])) {
+                            const [id, relation] = relationRecord;
+                            const mainRelation = relation;
+                            const ref = getFirestorePathRef(db, mainRelation.Collection_Path, options.tenant);
+                            const sourceRef = await ref.doc(id).get();
+                            const source = sourceRef.data();
+                            if (!source) {
+                                if (field.preserve) {
+                                    for (const includeField of field.includeFields) {
+                                        const includeFieldsSchema = [];
+                                        field.includeFields.forEach((includeField) => {
+                                            if (includeField !== "Collection_Path" && includeField !== "deleted") {
+                                                const field = getField(relationCollection.fields, includeField);
+                                                includeFieldsSchema.push(field);
+                                            }
+                                        });
+                                        const relationLowercaseFields = getLowercaseFields(relationCollection, includeFieldsSchema);
+                                        const fieldsToRemove = Object.keys(mainRelation).filter((key) => !field.includeFields?.includes(key) &&
+                                            !(key.endsWith("_Lowercase") &&
+                                                Array.from(relationLowercaseFields)
+                                                    .map((field) => field.name)
+                                                    .includes(key.replace("_Lowercase", ""))));
+                                        if (includeField === "deleted" && !mainRelation.deleted) {
+                                            console.log(`${collectionName} ${doc.id} - Relation ${id} in field ${field.name} does not have "deleted" property`);
+                                        }
+                                        if (includeField !== "deleted" &&
+                                            Array.from(relationLowercaseFields)
+                                                .map((field) => field.name)
+                                                .includes(includeField)) {
+                                            if (mainRelation[`${includeField}_Lowercase`] !==
+                                                // eslint-disable-next-line security/detect-object-injection
+                                                mainRelation[includeField]?.toLowerCase()) {
+                                                console.log(
+                                                // eslint-disable-next-line security/detect-object-injection
+                                                `${collectionName} ${doc.id} - Field ${field.name} ${includeField}_Lowercase ${mainRelation[`${includeField}_Lowercase`]} !== ${mainRelation[includeField]?.toLowerCase()}`);
+                                            }
+                                        }
+                                        for (const removeField of fieldsToRemove) {
+                                            console.log(
+                                            // eslint-disable-next-line security/detect-object-injection
+                                            `${collectionName} ${doc.id} - Field ${field.name} ${removeField} is not in include fields`);
+                                        }
+                                    }
+                                    continue;
+                                }
+                                else {
+                                    console.log(`${collectionName} ${doc.id} - Source record at ${mainRelation.Collection_Path.join("/")}/${id} not found`);
+                                    continue;
+                                }
+                            }
+                            if (field.twoWay) {
+                                const sourceField = relationCollection.fields.find((sourceField) => sourceField.name === field.twoWay);
+                                if (!sourceField) {
+                                    console.log(`${collectionName} ${doc.id} - Two way field ${field.twoWay} not found in source collection`);
+                                    continue;
+                                }
+                                // eslint-disable-next-line security/detect-object-injection
+                                const sourceRelation = source?.[sourceField.name]?.[doc.id];
+                                if (!((sourceRelation &&
+                                    (source?.[`${sourceField.name}_Array`] || []).includes(doc.id) &&
+                                    (record?.[`${field.name}_Array`] || []).includes(id)) ||
+                                    ("preserve" in sourceField &&
+                                        sourceField.preserve &&
+                                        sourceRelation?.deleted &&
+                                        (source?.[`${sourceField.name}_Array`] || []).includes(doc.id)))) {
+                                    console.log(`${collectionName} ${doc.id} - Invalid two way relation ${field.name} ${id} found in record ${id} in source collection ${field.collection}`);
+                                    continue;
+                                }
+                            }
+                            if (!record[`${field.name}_Array`]?.includes(id)) {
+                                console.log(`${collectionName} ${doc.id} - Field ${field.name} ${id} not found in ${field.name}_Array`);
+                                continue;
+                            }
+                            if (singleFieldRelationNames.includes(field.name)) {
+                                if (!isEqual(record[`${field.name}_Single`], mainRelation)) {
+                                    console.log(`${collectionName} ${doc.id} - Field ${field.name} does not have a single relation`);
+                                    continue;
+                                }
+                            }
+                            for (const includeField of field.includeFields) {
+                                const relationCollection = schema.collections[field.collection];
+                                let lowercaseFields = new Set();
+                                if (includeField !== "Collection_Path" && includeField !== "deleted") {
+                                    const includeFieldSchema = getField(relationCollection.fields, includeField);
+                                    lowercaseFields = getLowercaseFields(relationCollection, [includeFieldSchema]);
+                                }
+                                if (includeField !== "deleted") {
+                                    // eslint-disable-next-line security/detect-object-injection
+                                    if (!isEqual(mainRelation[includeField], source[includeField])) {
+                                        console.log(
+                                        // eslint-disable-next-line security/detect-object-injection
+                                        `${collectionName} ${doc.id} - Field ${field.name} ${includeField} ${mainRelation[includeField]} !== ${source[includeField]}`);
+                                    }
+                                    if (lowercaseFields.size === 1) {
+                                        if (!isEqual(mainRelation[`${includeField}_Lowercase`], source[`${includeField}_Lowercase`])) {
+                                            console.log(
+                                            // eslint-disable-next-line security/detect-object-injection
+                                            `${collectionName} ${doc.id} - Field ${field.name} ${includeField}_Lowercase ${mainRelation[`${includeField}_Lowercase`]} !== ${source[`${includeField}_Lowercase`]}`);
+                                        }
+                                    }
+                                    if (singleFieldRelationNames.includes(field.name)) {
+                                        if (!isEqual(
+                                        // eslint-disable-next-line security/detect-object-injection
+                                        record[`${field.name}_Single`]?.[includeField],
+                                        // eslint-disable-next-line security/detect-object-injection
+                                        source[includeField])) {
+                                            console.log(
+                                            // eslint-disable-next-line security/detect-object-injection
+                                            `${collectionName} ${doc.id} - Field ${field.name}_Single ${includeField} ${record[`${field.name}_Single`]?.[includeField]} !== ${source[includeField]}`);
+                                        }
+                                        if (lowercaseFields.size === 1) {
+                                            if (!isEqual(record[`${field.name}_Single`]?.[`${includeField}_Lowercase`], source[`${includeField}_Lowercase`])) {
+                                                console.log(
+                                                // eslint-disable-next-line security/detect-object-injection
+                                                `${collectionName} ${doc.id} - Field ${field.name}_Single ${includeField}_Lowercase ${record[`${field.name}_Single`]?.[`${includeField}_Lowercase`]} !== ${source[`${includeField}_Lowercase`]}`);
+                                            }
+                                        }
+                                    }
+                                }
+                                else {
+                                    if (mainRelation.deleted) {
+                                        console.log(`${collectionName} ${doc.id} - Field ${field.name} has invalid deleted property`);
+                                    }
+                                }
+                            }
+                            const includeFieldsSchema = [];
+                            field.includeFields.forEach((includeField) => {
+                                if (includeField !== "Collection_Path" && includeField !== "deleted") {
+                                    const field = getField(relationCollection.fields, includeField);
+                                    includeFieldsSchema.push(field);
+                                }
+                            });
+                            const relationLowercaseFields = getLowercaseFields(relationCollection, includeFieldsSchema);
+                            const fieldsToRemove = Object.keys(mainRelation).filter((key) => !field.includeFields?.includes(key) &&
+                                !(key.endsWith("_Lowercase") &&
+                                    Array.from(relationLowercaseFields)
+                                        .map((field) => field.name)
+                                        .includes(key.replace("_Lowercase", ""))));
+                            for (const removeField of fieldsToRemove) {
+                                console.log(`${collectionName} ${doc.id} - Field ${field.name} ${removeField} is not in include fields`);
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        console.log(`${collectionName} audited.\n`);
+    }
+    process.exit();
+};

package/lib/src/ops/explainPreloadQueries.js ADDED Viewed

@@ -0,0 +1,65 @@
+import { fetchCurrentSchema, getCollectionRefs, initializeStoker } from "@stoker-platform/node-client";
+import { tryPromise, getRange } from "@stoker-platform/utils";
+import { Filter, getFirestore } from "firebase-admin/firestore";
+import { join } from "path";
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const explainPreloadQueries = async (options) => {
+    const { getGlobalConfigModule } = await initializeStoker("production", options.tenant, join(process.cwd(), "lib", "main.js"), join(process.cwd(), "lib", "collections"));
+    const globalConfig = getGlobalConfigModule();
+    const schema = await fetchCurrentSchema();
+    const db = getFirestore();
+    const permissionsSnapshot = await db
+        .collection("tenants")
+        .doc(options.tenant)
+        .collection("system_user_permissions")
+        .doc(options.id)
+        .get();
+    if (!permissionsSnapshot.exists) {
+        throw new Error("User not found");
+    }
+    const permissions = permissionsSnapshot.data();
+    const timezone = await tryPromise(globalConfig.timezone);
+    const preloadConfigSync = await tryPromise(globalConfig.preload?.sync);
+    const preloadConfig = await tryPromise(globalConfig.preload?.async);
+    const preloadCollections = [];
+    if (preloadConfigSync)
+        preloadCollections.push(...preloadConfigSync);
+    if (preloadConfig)
+        preloadCollections.push(...preloadConfig);
+    if (!preloadCollections.length)
+        process.exit();
+    for (const collection of preloadCollections) {
+        // eslint-disable-next-line security/detect-object-injection
+        const collectionSchema = schema.collections[collection];
+        const { preloadCache } = collectionSchema;
+        if (!preloadCache?.roles.includes(permissions?.Role))
+            continue;
+        const rangeConstraints = preloadCache?.range;
+        const constraints = (await tryPromise(collectionSchema.custom?.preloadCacheConstraints));
+        const orQueries = (await tryPromise(collectionSchema.custom?.preloadCacheOrQueries));
+        const queries = getCollectionRefs(options.tenant, [collection], schema, options.id, permissions).map((ref) => {
+            const disjunctions = [];
+            if (rangeConstraints) {
+                const { start, end } = getRange(rangeConstraints, timezone);
+                const rangeQueries = rangeConstraints.fields.map((field) => {
+                    return Filter.and(Filter.where(field, ">=", start), Filter.where(field, "<=", end));
+                });
+                disjunctions.push(Filter.and(Filter.or(...rangeQueries)));
+            }
+            if (orQueries) {
+                disjunctions.push(Filter.and(Filter.or(...orQueries.map((constraint) => Filter.where(...constraint)))));
+            }
+            if (constraints) {
+                disjunctions.push(Filter.and(...constraints.map((constraint) => Filter.where(...constraint))));
+            }
+            return ref.where(Filter.and(...disjunctions));
+        });
+        console.log(`${collection}:`);
+        for (const query of queries) {
+            const metrics = await query.explain({ analyze: options.analyze });
+            console.log(JSON.stringify(metrics.metrics));
+        }
+        console.log("\n");
+    }
+    process.exit();
+};

package/lib/src/ops/getUser.js ADDED Viewed

@@ -0,0 +1,10 @@
+import { initializeFirebase } from "@stoker-platform/node-client";
+import { getAuth } from "firebase-admin/auth";
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const getUser = async (options) => {
+    await initializeFirebase();
+    const auth = getAuth();
+    const user = await auth.getUser(options.id);
+    console.log(JSON.stringify(user));
+    process.exit();
+};

package/lib/src/ops/getUserPermissions.js ADDED Viewed

@@ -0,0 +1,19 @@
+import { initializeFirebase } from "@stoker-platform/node-client";
+import { getFirestore } from "firebase-admin/firestore";
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const getUserPermissions = async (options) => {
+    await initializeFirebase();
+    const db = getFirestore();
+    const usersRef = await db
+        .collection("tenants")
+        .doc(options.tenant)
+        .collection("system_user_permissions")
+        .doc(options.id)
+        .get();
+    if (!usersRef.exists) {
+        console.log("User not found");
+        process.exit();
+    }
+    console.log(JSON.stringify(usersRef.data()));
+    process.exit();
+};

package/lib/src/ops/getUserRecord.js ADDED Viewed

@@ -0,0 +1,20 @@
+import { initializeFirebase } from "@stoker-platform/node-client";
+import { getFirestore } from "firebase-admin/firestore";
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const getUserRecord = async (options) => {
+    await initializeFirebase();
+    const db = getFirestore();
+    const usersRef = await db
+        .collection("tenants")
+        .doc(options.tenant)
+        .collection(options.collection)
+        .where("User_ID", "==", options.id)
+        .get();
+    if (usersRef.empty) {
+        console.log("User not found");
+        process.exit();
+    }
+    const user = usersRef.docs[0].data();
+    console.log(JSON.stringify(user));
+    process.exit();
+};

package/lib/src/ops/listProjects.js ADDED Viewed

@@ -0,0 +1,8 @@
+import { initializeFirebase, runChildProcess } from "@stoker-platform/node-client";
+export const listProjects = async () => {
+    await initializeFirebase();
+    await runChildProcess("gcloud", ["projects", "list"]).catch(() => {
+        throw new Error("Error getting Google Cloud projects.");
+    });
+    process.exit();
+};

package/lib/src/ops/setUserCollection.js ADDED Viewed

@@ -0,0 +1,14 @@
+import { fetchCurrentSchema, initializeFirebase } from "@stoker-platform/node-client";
+import { getAuth } from "firebase-admin/auth";
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const setUserCollection = async (options) => {
+    await initializeFirebase();
+    const schema = await fetchCurrentSchema();
+    if (!Object.keys(schema.collections).includes(options.collection))
+        throw new Error(`Collection "${options.collection}" does not exist.`);
+    const auth = getAuth();
+    const user = await auth.getUser(options.id);
+    await auth.setCustomUserClaims(options.id, { ...user.customClaims, collection: options.collection });
+    console.log("User collection updated successfully.");
+    process.exit();
+};

package/lib/src/ops/setUserDocument.js ADDED Viewed

@@ -0,0 +1,11 @@
+import { initializeFirebase } from "@stoker-platform/node-client";
+import { getAuth } from "firebase-admin/auth";
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const setUserDocument = async (options) => {
+    await initializeFirebase();
+    const auth = getAuth();
+    const user = await auth.getUser(options.id);
+    await auth.setCustomUserClaims(options.id, { ...user.customClaims, doc: options.doc });
+    console.log("User document updated successfully.");
+    process.exit();
+};

package/lib/src/ops/setUserRole.js ADDED Viewed

@@ -0,0 +1,14 @@
+import { fetchCurrentSchema, initializeFirebase } from "@stoker-platform/node-client";
+import { getAuth } from "firebase-admin/auth";
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const setUserRole = async (options) => {
+    await initializeFirebase();
+    const schema = await fetchCurrentSchema();
+    if (!schema.config.roles.includes(options.role))
+        throw new Error(`Role "${options.role}" does not exist.`);
+    const auth = getAuth();
+    const user = await auth.getUser(options.id);
+    await auth.setCustomUserClaims(options.id, { ...user.customClaims, role: options.role });
+    console.log("User role updated successfully.");
+    process.exit();
+};