@terreno/api 0.0.18 → 0.1.0

package/dist/api.js

@@ -135,6 +135,7 @@ var auth_1 = require("./auth");
 var errors_1 = require("./errors");
 var logger_1 = require("./logger");
 var openApi_1 = require("./openApi");
+var openApiValidator_1 = require("./openApiValidator");
 var permissions_1 = require("./permissions");
 var transformers_1 = require("./transformers");
 var utils_1 = require("./utils");
@@ -227,6 +228,62 @@ function checkQueryParamAllowed(queryParam, queryParamValue, queryFields) {
 //
 //   return result;
 // }
+// Helper to determine if validation should be enabled for a specific operation.
+// When options.validation is not set, returns true — the middleware's own
+// isConfigured check will decide whether to actually validate.
+function shouldValidate(options, operation) {
+    var _a, _b, _c;
+    // Check route-specific validation option first
+    if (options.validation !== undefined) {
+        if (typeof options.validation === "boolean") {
+            return options.validation;
+        }
+        if (operation === "create") {
+            return (_a = options.validation.validateCreate) !== null && _a !== void 0 ? _a : true;
+        }
+        if (operation === "update") {
+            return (_b = options.validation.validateUpdate) !== null && _b !== void 0 ? _b : true;
+        }
+        return (_c = options.validation.validateQuery) !== null && _c !== void 0 ? _c : true;
+    }
+    // Default: let middleware's isConfigured check decide
+    return true;
+}
+// Get body validation middleware if validation is enabled
+function getBodyValidationMiddleware(model, options, operation) {
+    var validationOptions = {};
+    if (!shouldValidate(options, operation)) {
+        validationOptions.enabled = false;
+    }
+    if (typeof options.validation === "object") {
+        if (options.validation.onError) {
+            validationOptions.onError = options.validation.onError;
+        }
+        if (options.validation.onAdditionalPropertiesRemoved) {
+            validationOptions.onAdditionalPropertiesRemoved =
+                options.validation.onAdditionalPropertiesRemoved;
+        }
+        var excludeFields = operation === "create"
+            ? options.validation.excludeFromCreate
+            : options.validation.excludeFromUpdate;
+        if (excludeFields === null || excludeFields === void 0 ? void 0 : excludeFields.length) {
+            validationOptions.excludeFields = excludeFields;
+        }
+    }
+    return (0, openApiValidator_1.validateModelRequestBody)(model, validationOptions);
+}
+// Get query validation middleware if validation is enabled
+function getQueryValidationMiddleware(model, options) {
+    var querySchema = (0, openApiValidator_1.buildQuerySchemaFromFields)(model, options.queryFields);
+    var validationOptions = {};
+    if (!shouldValidate(options, "query")) {
+        validationOptions.enabled = false;
+    }
+    if (typeof options.validation === "object" && options.validation.onError) {
+        validationOptions.onError = options.validation.onError;
+    }
+    return (0, openApiValidator_1.validateQueryParams)(querySchema, validationOptions);
+}
 /**
  * Create a set of CRUD routes given a Mongoose model and configuration options.
  *
@@ -242,10 +299,15 @@ function modelRouter(model, options) {
         options.endpoints(router);
     }
     var responseHandler = (_a = options.responseHandler) !== null && _a !== void 0 ? _a : transformers_1.defaultResponseHandler;
+    // Always install validation middleware — they are no-ops until configureOpenApiValidator() is called
+    var createValidation = getBodyValidationMiddleware(model, options, "create");
+    var updateValidation = getBodyValidationMiddleware(model, options, "update");
+    var queryValidation = getQueryValidationMiddleware(model, options);
     router.post("/", [
         (0, auth_1.authenticateMiddleware)(options.allowAnonymous),
         (0, openApi_1.createOpenApiMiddleware)(model, options),
         (0, permissions_1.permissionMiddleware)(model, options),
+        createValidation,
     ], (0, exports.asyncHandler)(function (req, res) { return __awaiter(_this, void 0, void 0, function () {
         var body, error_1, data, error_2, populateQuery, error_3, error_4, serialized, error_5;
         return __generator(this, function (_a) {
@@ -378,6 +440,7 @@ function modelRouter(model, options) {
         (0, auth_1.authenticateMiddleware)(options.allowAnonymous),
         (0, permissions_1.permissionMiddleware)(model, options),
         (0, openApi_1.listOpenApiMiddleware)(model, options),
+        queryValidation,
     ], (0, exports.asyncHandler)(function (req, res) { return __awaiter(_this, void 0, void 0, function () {
         var query, _a, _b, queryParam, _c, _d, queryParam, queryFilter, error_6, limit, builtQuery, total, populatedQuery, data, error_7, serialized, error_8, more, msg;
         var e_4, _e, e_5, _f;
@@ -594,6 +657,7 @@ function modelRouter(model, options) {
         (0, auth_1.authenticateMiddleware)(options.allowAnonymous),
         (0, openApi_1.patchOpenApiMiddleware)(model, options),
         (0, permissions_1.permissionMiddleware)(model, options),
+        updateValidation,
     ], (0, exports.asyncHandler)(function (req, res) { return __awaiter(_this, void 0, void 0, function () {
         var doc, body, error_10, prevDoc, error_11, populateQuery, error_12, serialized, error_13;
         var _a;
@@ -991,10 +1055,81 @@ function modelRouter(model, options) {
     router.use(errors_1.apiErrorMiddleware);
     return router;
 }
-// Since express doesn't handle async routes well, wrap them with this function.
-var asyncHandler = function (fn) { return function (req, res, next) {
-    return Promise.resolve(fn(req, res, next)).catch(next);
-}; };
+/**
+ * Wraps async route handlers to properly catch and forward errors.
+ *
+ * Since Express doesn't handle async routes well, wrap them with this function.
+ * Optionally supports integrated request validation.
+ *
+ * @param fn - The async route handler function
+ * @param options - Optional configuration for validation
+ * @returns Express middleware function
+ *
+ * @example
+ * ```typescript
+ * // Basic usage without validation
+ * router.post("/users", asyncHandler(async (req, res) => {
+ *   // handler code
+ * }));
+ *
+ * // With integrated validation
+ * router.post("/users", asyncHandler(async (req, res) => {
+ *   // handler code - body is already validated
+ * }, {
+ *   bodySchema: {
+ *     name: {type: "string", required: true},
+ *     email: {type: "string", format: "email", required: true},
+ *   },
+ *   validate: true,
+ * }));
+ * ```
+ */
+var asyncHandler = function (fn, options) {
+    var _a, _b;
+    // If no validation options, return simple handler
+    if (!(options === null || options === void 0 ? void 0 : options.bodySchema) && !(options === null || options === void 0 ? void 0 : options.querySchema)) {
+        return function (req, res, next) {
+            return Promise.resolve(fn(req, res, next)).catch(next);
+        };
+    }
+    // Import validation functions dynamically to avoid circular deps at module load
+    var _c = require("./openApiValidator"), validateRequestBody = _c.validateRequestBody, validateQueryParams = _c.validateQueryParams, getOpenApiValidatorConfig = _c.getOpenApiValidatorConfig;
+    // Build validation middleware
+    var validators = [];
+    // Determine if validation should be enabled
+    var shouldValidate = (_b = (_a = options.validate) !== null && _a !== void 0 ? _a : getOpenApiValidatorConfig().validateRequests) !== null && _b !== void 0 ? _b : false;
+    if (shouldValidate) {
+        if (options.bodySchema) {
+            validators.push(validateRequestBody(options.bodySchema, { enabled: true }));
+        }
+        if (options.querySchema) {
+            validators.push(validateQueryParams(options.querySchema, { enabled: true }));
+        }
+    }
+    return function (req, res, next) {
+        // Run validators sequentially, then the handler
+        var runValidators = function (index) {
+            if (index >= validators.length) {
+                // All validators passed, run the actual handler
+                Promise.resolve(fn(req, res, next)).catch(next);
+                return;
+            }
+            try {
+                validators[index](req, res, function (err) {
+                    if (err) {
+                        next(err);
+                        return;
+                    }
+                    runValidators(index + 1);
+                });
+            }
+            catch (err) {
+                next(err);
+            }
+        };
+        runValidators(0);
+    };
+};
 exports.asyncHandler = asyncHandler;
 // For backwards compatibility with the old names.
 exports.gooseRestRouter = modelRouter;