npm - @stoker-platform/cli - Versions diffs - 0.5.12 - Mend

@stoker-platform/cli 0.5.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (94) hide show

package/LICENSE.md +102 -0
package/init-files/.##gitignore## +102 -0
package/init-files/.devcontainer/devcontainer.json +14 -0
package/init-files/.env/.env +70 -0
package/init-files/.eslintrc.cjs +35 -0
package/init-files/.firebaserc +6 -0
package/init-files/.prettierignore +86 -0
package/init-files/.prettierrc +5 -0
package/init-files/bin/build.js +221 -0
package/init-files/bin/shim.js +159 -0
package/init-files/extensions/firestore-send-email.env +7 -0
package/init-files/external.package.json +4 -0
package/init-files/firebase-rules/database.rules.json +9 -0
package/init-files/firebase-rules/firestore.custom.rules +19 -0
package/init-files/firebase-rules/firestore.indexes.json +0 -0
package/init-files/firebase-rules/firestore.rules +0 -0
package/init-files/firebase-rules/storage.rules +0 -0
package/init-files/firebase.hosting.json +122 -0
package/init-files/firebase.json +52 -0
package/init-files/functions/.##gitignore## +14 -0
package/init-files/functions/.eslintrc.cjs +28 -0
package/init-files/functions/package.json +46 -0
package/init-files/functions/prompts/chat.prompt +17 -0
package/init-files/functions/src/index.ts +457 -0
package/init-files/functions/tsconfig.dev.json +3 -0
package/init-files/functions/tsconfig.json +17 -0
package/init-files/icons/logo-large.png +0 -0
package/init-files/icons/logo-small.png +0 -0
package/init-files/ops.js +25 -0
package/init-files/package.json +53 -0
package/init-files/project-data.json +5 -0
package/init-files/remoteconfig.template.json +1 -0
package/init-files/src/collections/Inbox.ts +444 -0
package/init-files/src/collections/Outbox.ts +270 -0
package/init-files/src/collections/Settings.ts +44 -0
package/init-files/src/collections/Users.ts +138 -0
package/init-files/src/main.ts +245 -0
package/init-files/src/utils.ts +3 -0
package/init-files/src/vite-env.d.ts +1 -0
package/init-files/test/test.ts +5 -0
package/init-files/tsconfig.json +23 -0
package/init-files/vitest.config.ts +9 -0
package/lib/package.json +45 -0
package/lib/src/data/exportToBigQuery.js +41 -0
package/lib/src/data/seedData.js +347 -0
package/lib/src/deploy/applySchema.js +43 -0
package/lib/src/deploy/cloud-functions/getFunctionsData.js +18 -0
package/lib/src/deploy/deployProject.js +116 -0
package/lib/src/deploy/firestore-export/exportFirestoreData.js +29 -0
package/lib/src/deploy/firestore-ttl/deployTTLs.js +127 -0
package/lib/src/deploy/live-update/liveUpdate.js +22 -0
package/lib/src/deploy/maintenance/activateMaintenanceMode.js +9 -0
package/lib/src/deploy/maintenance/disableMaintenanceMode.js +9 -0
package/lib/src/deploy/maintenance/setDeploymentStatus.js +22 -0
package/lib/src/deploy/rules-indexes/generateFirestoreIndexes.js +23 -0
package/lib/src/deploy/rules-indexes/generateFirestoreRules.js +35 -0
package/lib/src/deploy/rules-indexes/generateStorageRules.js +23 -0
package/lib/src/deploy/schema/generateSchema.js +184 -0
package/lib/src/deploy/schema/persistSchema.js +14 -0
package/lib/src/lint/lintSchema.js +1491 -0
package/lib/src/lint/securityReport.js +223 -0
package/lib/src/main.js +460 -0
package/lib/src/migration/firestore/migrateFirestore.js +8 -0
package/lib/src/migration/firestore/operations/deleteField.js +58 -0
package/lib/src/migration/migrateAll.js +30 -0
package/lib/src/ops/auditDenormalized.js +124 -0
package/lib/src/ops/auditPermissions.js +92 -0
package/lib/src/ops/auditRelations.js +186 -0
package/lib/src/ops/explainPreloadQueries.js +65 -0
package/lib/src/ops/getUser.js +10 -0
package/lib/src/ops/getUserPermissions.js +19 -0
package/lib/src/ops/getUserRecord.js +20 -0
package/lib/src/ops/listProjects.js +8 -0
package/lib/src/ops/setUserCollection.js +14 -0
package/lib/src/ops/setUserDocument.js +11 -0
package/lib/src/ops/setUserRole.js +14 -0
package/lib/src/project/addProject.js +935 -0
package/lib/src/project/addRecord.js +9 -0
package/lib/src/project/addRecordPrompt.js +205 -0
package/lib/src/project/addTenant.js +59 -0
package/lib/src/project/buildWebApp.js +10 -0
package/lib/src/project/customDomain.js +157 -0
package/lib/src/project/deleteProject.js +51 -0
package/lib/src/project/deleteRecord.js +11 -0
package/lib/src/project/deleteTenant.js +49 -0
package/lib/src/project/getOne.js +25 -0
package/lib/src/project/getSome.js +28 -0
package/lib/src/project/initProject.js +16 -0
package/lib/src/project/prepareEmulatorData.js +125 -0
package/lib/src/project/setProject.js +13 -0
package/lib/src/project/startEmulators.js +30 -0
package/lib/src/project/updateRecord.js +9 -0
package/lib/tsconfig.tsbuildinfo +1 -0
package/package.json +45 -0

package/lib/src/lint/securityReport.js ADDED Viewed

@@ -0,0 +1,223 @@
+import { generateSchema } from "../deploy/schema/generateSchema.js";
+import { getAccessFields, getField, getDependencyIndexFields, isDependencyField, isRelationField, getRoleGroups, getFieldCustomization, } from "@stoker-platform/utils";
+import { statSync } from "node:fs";
+import { join } from "node:path";
+import { pathToFileURL } from "node:url";
+/* eslint-disable security/detect-object-injection */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const securityReport = async () => {
+    const writeRuleReads = {};
+    const roles = {};
+    let isError = false;
+    const schema = await generateSchema();
+    const path = join(process.cwd(), "lib", "main.js");
+    const url = pathToFileURL(path).href;
+    const globalConfigFile = await import(url);
+    const globalConfig = globalConfigFile.default("node");
+    for (const [collectionName, collectionSchema] of Object.entries(schema.collections)) {
+        const { auth, fields, access } = collectionSchema;
+        const { serverWriteOnly } = access;
+        if (serverWriteOnly)
+            continue;
+        writeRuleReads[collectionName] = {};
+        writeRuleReads[collectionName].main = new Set();
+        writeRuleReads[collectionName].batch = new Set();
+        writeRuleReads[collectionName].main.add("User Document Lookup");
+        writeRuleReads[collectionName].main.add("Latest Deploy Document");
+        writeRuleReads[collectionName].main.add("Maintenance Mode Document");
+        writeRuleReads[collectionName].batch.add("User Document Lookup");
+        writeRuleReads[collectionName].batch.add("Latest Deploy Document");
+        writeRuleReads[collectionName].batch.add("Maintenance Mode Document");
+        const roleGroups = getRoleGroups(collectionSchema, schema);
+        roleGroups.forEach(() => {
+            writeRuleReads[collectionName].batch.add("Main Document");
+        });
+        if (auth) {
+            writeRuleReads[collectionName].main.add("Document Lock Lookup");
+            writeRuleReads[collectionName].batch.add("Document Lock Lookup");
+        }
+        for (const field of fields) {
+            if (isRelationField(field)) {
+                if (field.enforceHierarchy) {
+                    writeRuleReads[collectionName].batch.add(`${field.name} ${field.enforceHierarchy.field} Hierarchy Document`);
+                    writeRuleReads[collectionName].main.add(`${field.name} ${field.enforceHierarchy.field} Hierarchy Document`);
+                }
+            }
+            if ("unique" in field && field.unique) {
+                writeRuleReads[collectionName].batch.add("Main Document");
+                writeRuleReads[collectionName].batch.add(`${field.name} Main Unique Document Exists`);
+                writeRuleReads[collectionName].batch.add(`${field.name} Main Unique Document Get`);
+                writeRuleReads[collectionName].main.add(`${field.name} Main Unique Document Exists`);
+                writeRuleReads[collectionName].main.add(`${field.name} Main Unique Document Get`);
+            }
+            if (isDependencyField(field, collectionSchema, schema)) {
+                writeRuleReads[collectionName].batch.add("Main Document");
+            }
+        }
+    }
+    for (const role of globalConfig.roles) {
+        roles[role] = {};
+        for (const [collectionName, collectionSchema] of Object.entries(schema.collections)) {
+            const { fields, access } = collectionSchema;
+            if (access.operations.assignable === true ||
+                (typeof access.operations.assignable === "object" && access.operations.assignable.includes(role)) ||
+                access.operations.read?.includes(role)) {
+                for (const field of fields) {
+                    if (field.access)
+                        continue;
+                    const path = join(process.cwd(), "lib", "collections", `${collectionName}.js`);
+                    const url = pathToFileURL(path).href;
+                    const customizationFile = await import(url);
+                    const customization = customizationFile.default("node");
+                    if (isRelationField(field)) {
+                        const relationCollection = schema.collections[field.collection];
+                        const relationAccess = relationCollection.access;
+                        if (relationAccess.operations.assignable === true ||
+                            (typeof relationAccess.operations.assignable === "object" &&
+                                relationAccess.operations.assignable.includes(role)) ||
+                            !relationAccess.operations.read?.includes(role)) {
+                            if (field.dependencyFields) {
+                                for (const dependencyField of field.dependencyFields) {
+                                    if (dependencyField.roles.includes(role)) {
+                                        roles[role][field.collection] ||= {};
+                                        if (!roles[role][field.collection][dependencyField.field]) {
+                                            roles[role][field.collection][dependencyField.field] = new Set();
+                                        }
+                                        roles[role][field.collection][dependencyField.field].add(`${collectionName}- Dependency`);
+                                        const dependencyCollection = schema.collections[field.collection];
+                                        const dependencyFieldSchema = getField(dependencyCollection.fields, dependencyField.field);
+                                        const indexFields = getDependencyIndexFields(dependencyFieldSchema, dependencyCollection, schema);
+                                        for (const indexField of indexFields) {
+                                            const fieldCustomization = getFieldCustomization(indexField, customization);
+                                            roles[role][field.collection] ||= {};
+                                            if (dependencyCollection.access.serverReadOnly?.includes(role) &&
+                                                fieldCustomization?.custom?.serverAccess?.read !== undefined) {
+                                                if (!roles[role][field.collection][indexField.name]) {
+                                                    roles[role][field.collection][indexField.name] = new Set();
+                                                }
+                                                roles[role][field.collection][indexField.name].add(`${collectionName}- Dependency- Index- Check Server Read Function`);
+                                            }
+                                            else {
+                                                if (!roles[role][field.collection][indexField.name]) {
+                                                    roles[role][field.collection][indexField.name] = new Set();
+                                                }
+                                                roles[role][field.collection][indexField.name].add(`${collectionName}- Dependency- Index`);
+                                            }
+                                        }
+                                    }
+                                }
+                            }
+                            if (field.includeFields) {
+                                for (const includeField of field.includeFields) {
+                                    roles[role][field.collection] ||= {};
+                                    if (!roles[role][field.collection][includeField]) {
+                                        roles[role][field.collection][includeField] = new Set();
+                                    }
+                                    if (field.preserve) {
+                                        roles[role][field.collection][includeField].add(`${collectionName} "${field.name}" Relation- Include- Preserved`);
+                                    }
+                                    else {
+                                        roles[role][field.collection][includeField].add(`${collectionName} "${field.name}" Relation- Include`);
+                                    }
+                                }
+                            }
+                            roles[role][field.collection] ||= {};
+                            if (!roles[role][field.collection][`${collectionName} "${field.name}" Relation${field.preserve ? "- Preserved" : ""}`]) {
+                                roles[role][field.collection][`${collectionName} "${field.name}" Relation${field.preserve ? "- Preserved" : ""}`] = new Set();
+                            }
+                            const restrictCreate = field.restrictCreate === true ||
+                                (typeof field.restrictCreate === "object" && field.restrictCreate.includes(role));
+                            const restrictUpdate = field.restrictUpdate === true ||
+                                (typeof field.restrictUpdate === "object" && field.restrictUpdate.includes(role));
+                            if (access.operations.assignable === true ||
+                                (typeof access.operations.assignable === "object" &&
+                                    access.operations.assignable.includes(role)) ||
+                                access.operations.create?.includes(role) ||
+                                access.operations.update?.includes(role)) {
+                                if (restrictCreate && !restrictUpdate) {
+                                    roles[role][field.collection][`${collectionName} "${field.name}" Relation${field.preserve ? "- Preserved" : ""}`].add("Read & Update");
+                                }
+                                else if (restrictUpdate && !restrictCreate) {
+                                    roles[role][field.collection][`${collectionName} "${field.name}" Relation${field.preserve ? "- Preserved" : ""}`].add("Read & Create");
+                                }
+                                else if (!restrictCreate && !restrictUpdate) {
+                                    roles[role][field.collection][`${collectionName} "${field.name}" Relation${field.preserve ? "- Preserved" : ""}`].add("Read & Create & Update");
+                                }
+                            }
+                            else {
+                                roles[role][field.collection][`${collectionName} "${field.name}" Relation${field.preserve ? "- Preserved" : ""}`].add("Read Only");
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+    console.log("Security Rule Write Reads:\n");
+    for (const [collection, reads] of Object.entries(writeRuleReads)) {
+        console.log(`${collection}:\n`);
+        const main = Array.from(reads.main).length;
+        if (main >= 8) {
+            console.log(`[WARN] Main: ${main}`);
+        }
+        else if (main >= 10) {
+            console.log(`[ERROR] Main: ${main}`);
+            isError = true;
+        }
+        else {
+            console.log(`Main: ${main}`);
+        }
+        const batch = Array.from(reads.batch).length;
+        if (batch >= 16) {
+            console.log(`[WARN] Batch: ${Array.from(reads.batch).length}`);
+        }
+        else if (batch >= 20) {
+            console.log(`[ERROR] Batch: ${batch}`);
+            isError = true;
+        }
+        else {
+            console.log(`Batch: ${batch}`);
+        }
+        console.log("\n");
+    }
+    console.log("\n\nPossible Excess Permissions:\n");
+    for (const [role, collections] of Object.entries(roles)) {
+        console.log(`${role.toUpperCase()}\n`);
+        for (const [collection, fields] of Object.entries(collections)) {
+            console.log(`${collection}:\n${Object.entries(fields)
+                .map(([field, collections]) => `${field} (${Array.from(collections).join(", ")})`)
+                .join("\n")}`);
+            console.log("\n");
+        }
+        console.log("\n");
+    }
+    for (const collectionSchema of Object.values(schema.collections)) {
+        const accessFields = [
+            ...new Set(schema.config.roles.map((role) => getAccessFields(collectionSchema, role)).flat()),
+        ];
+        for (const accessField of accessFields) {
+            if (!accessField.restrictUpdate && accessField.name !== "id" && accessField.name !== "Created_By") {
+                console.error(`Field ${accessField.name} in ${collectionSchema.labels.collection} is used to control access but does not have restrictUpdate set.`);
+                isError = true;
+            }
+        }
+    }
+    const filePath = join(process.cwd(), "firebase-rules", "firestore.rules");
+    const fileStats = statSync(filePath);
+    const rulesetSize = fileStats.size / 1024;
+    if (rulesetSize > 256) {
+        console.error(`[ERROR] Size of ruleset: ${rulesetSize.toFixed(2)} KB - Exceeds Maximum of 256 KB.`);
+        isError = true;
+    }
+    else if (rulesetSize > 200) {
+        console.warn(`[WARN] Size of ruleset: ${rulesetSize.toFixed(2)} KB.`);
+    }
+    else {
+        console.log(`Size of ruleset: ${rulesetSize.toFixed(2)} KB.`);
+    }
+    if (isError) {
+        throw new Error("Security errors found in schema.");
+    }
+    console.log("\nNo security errors found in schema.");
+    process.exit();
+};