npm - @terreno/api - Versions diffs - 0.0.4 → 0.0.11-beta.1 - Mend

@terreno/api 0.0.4 → 0.0.11-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/CLAUDE.md +107 -0
package/bunfig.toml +3 -2
package/dist/api.d.ts +6 -17
package/dist/api.js +44 -68
package/dist/api.test.js +2051 -166
package/dist/expressServer.d.ts +2 -2
package/dist/openApi.d.ts +7 -7
package/dist/openApiBuilder.d.ts +3 -3
package/dist/permissions.d.ts +2 -2
package/dist/permissions.js +17 -25
package/dist/transformers.d.ts +4 -4
package/dist/utils.test.js +169 -7
package/package.json +3 -2
package/src/api.test.ts +1736 -142
package/src/api.ts +22 -64
package/src/example.ts +2 -2
package/src/expressServer.ts +2 -2
package/src/openApi.test.ts +4 -4
package/src/openApi.ts +7 -7
package/src/openApiBuilder.test.ts +2 -2
package/src/openApiBuilder.ts +4 -4
package/src/permissions.ts +4 -14
package/src/transformers.ts +4 -4
package/src/utils.test.ts +189 -9

package/dist/expressServer.d.ts CHANGED Viewed

@@ -1,11 +1,11 @@
 import * as Sentry from "@sentry/node";
 import express, { type Router } from "express";
 import type jwt from "jsonwebtoken";
-import type { modelRouterOptions } from "./api";
+import type { ModelRouterOptions } from "./api";
 import { type UserModel as UserMongooseModel } from "./auth";
 import { type LoggingOptions } from "./logger";
 export declare function setupEnvironment(): void;
-export type AddRoutes = (router: Router, options?: Partial<modelRouterOptions<any>>) => void;
+export type AddRoutes = (router: Router, options?: Partial<ModelRouterOptions<any>>) => void;
 export declare function logRequests(req: any, res: any, next: any): void;
 export declare function createRouter(rootPath: string, addRoutes: AddRoutes, middleware?: any[]): any[];
 export declare function createRouterWithAuth(rootPath: string, addRoutes: (router: Router) => void, middleware?: any[]): any[];

package/dist/openApi.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import type { Model } from "mongoose";
-import type { modelRouterOptions } from "./api";
+import type { ModelRouterOptions } from "./api";
 export declare const apiErrorContent: {
     "application/json": {
         schema: {
@@ -52,9 +52,9 @@ export declare const defaultOpenApiErrorResponses: {
         description: string;
     };
 };
-export declare function getOpenApiMiddleware<T>(model: Model<T>, options: Partial<modelRouterOptions<T>>): any;
-export declare function listOpenApiMiddleware<T>(model: Model<T>, options: Partial<modelRouterOptions<T>>): any;
-export declare function createOpenApiMiddleware<T>(model: Model<T>, options: Partial<modelRouterOptions<T>>): any;
-export declare function patchOpenApiMiddleware<T>(model: Model<T>, options: Partial<modelRouterOptions<T>>): any;
-export declare function deleteOpenApiMiddleware<T>(model: Model<T>, options: Partial<modelRouterOptions<T>>): any;
-export declare function readOpenApiMiddleware<T>(options: Partial<modelRouterOptions<T>>, properties: any, required: string[], queryParameters: any): any;
+export declare function getOpenApiMiddleware<T>(model: Model<T>, options: Partial<ModelRouterOptions<T>>): any;
+export declare function listOpenApiMiddleware<T>(model: Model<T>, options: Partial<ModelRouterOptions<T>>): any;
+export declare function createOpenApiMiddleware<T>(model: Model<T>, options: Partial<ModelRouterOptions<T>>): any;
+export declare function patchOpenApiMiddleware<T>(model: Model<T>, options: Partial<ModelRouterOptions<T>>): any;
+export declare function deleteOpenApiMiddleware<T>(model: Model<T>, options: Partial<ModelRouterOptions<T>>): any;
+export declare function readOpenApiMiddleware<T>(options: Partial<ModelRouterOptions<T>>, properties: any, required: string[], queryParameters: any): any;

package/dist/openApiBuilder.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { modelRouterOptions } from "./api";
+import type { ModelRouterOptions } from "./api";
 /**
  * Defines a property within an OpenAPI schema.
  *
@@ -189,7 +189,7 @@ export declare class OpenApiMiddlewareBuilder {
      *
      * @param options - Router options containing the OpenAPI path configuration
      */
-    constructor(options: Partial<modelRouterOptions<any>>);
+    constructor(options: Partial<ModelRouterOptions<any>>);
     /**
      * Sets the tags for the OpenAPI operation.
      *
@@ -416,4 +416,4 @@ export declare class OpenApiMiddlewareBuilder {
  * router.get("/analytics/stats", statsMiddleware, getStatsHandler);
  * ```
  */
-export declare function createOpenApiBuilder(options: Partial<modelRouterOptions<any>>): OpenApiMiddlewareBuilder;
+export declare function createOpenApiBuilder(options: Partial<ModelRouterOptions<any>>): OpenApiMiddlewareBuilder;

package/dist/permissions.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import type express from "express";
 import type { NextFunction } from "express";
 import { type Model } from "mongoose";
-import { type modelRouterOptions, type RESTMethod } from "./api";
+import { type ModelRouterOptions, type RESTMethod } from "./api";
 import type { User } from "./auth";
 export type PermissionMethod<T> = (method: RESTMethod, user?: User, obj?: T) => boolean | Promise<boolean>;
 export interface RESTPermissions<T> {
@@ -23,4 +23,4 @@ export declare const Permissions: {
     IsOwnerOrReadOnly: (method: RESTMethod, user?: User, obj?: any) => boolean;
 };
 export declare function checkPermissions<T>(method: RESTMethod, permissions: PermissionMethod<T>[], user?: User, obj?: T): Promise<boolean>;
-export declare function permissionMiddleware<T>(baseModel: Model<T>, options: Pick<modelRouterOptions<T>, "permissions" | "populatePaths" | "discriminatorKey">): (req: express.Request, _res: express.Response, next: NextFunction) => Promise<void>;
+export declare function permissionMiddleware<T>(model: Model<T>, options: Pick<ModelRouterOptions<T>, "permissions" | "populatePaths">): (req: express.Request, _res: express.Response, next: NextFunction) => Promise<void>;

package/dist/permissions.js CHANGED Viewed

@@ -194,20 +194,20 @@ function checkPermissions(method, permissions, user, obj) {
 // Check the permissions for a given model and method. If the method is a read, update, or delete,
 // finds the relevant object, checks the permissions, and attaches the object to the request as
 // req.obj.
-function permissionMiddleware(baseModel, options) {
+function permissionMiddleware(model, options) {
     var _this = this;
     return function (req, _res, next) { return __awaiter(_this, void 0, void 0, function () {
-        var method, reqMethod, model, builtQuery, populatedQuery, data, error_1, hiddenDoc, error, reason, error, error_2;
-        var _a, _b, _c, _d;
-        return __generator(this, function (_e) {
-            switch (_e.label) {
+        var method, reqMethod, builtQuery, populatedQuery, data, error_1, hiddenDoc, error, reason, error, error_2;
+        var _a, _b;
+        return __generator(this, function (_c) {
+            switch (_c.label) {
                 case 0:
                     if (req.method === "OPTIONS") {
                         return [2 /*return*/, next()];
                     }
-                    _e.label = 1;
+                    _c.label = 1;
                 case 1:
-                    _e.trys.push([1, 10, , 11]);
+                    _c.trys.push([1, 10, , 11]);
                     method = void 0;
                     reqMethod = req.method.toLowerCase();
                     if (reqMethod === "post") {
@@ -233,11 +233,10 @@ function permissionMiddleware(baseModel, options) {
                             title: "Method ".concat(req.method, " not allowed"),
                         });
                     }
-                    model = (0, api_1.getModel)(baseModel, req.body, options);
                     return [4 /*yield*/, checkPermissions(method, options.permissions[method], req.user)];
                 case 2:
                     // All methods check for permissions.
-                    if (!(_e.sent())) {
+                    if (!(_c.sent())) {
                         throw new errors_1.APIError({
                             status: 405,
                             title: "Access to ".concat(method.toUpperCase(), " on ").concat(model.modelName, " ") +
@@ -250,34 +249,27 @@ function permissionMiddleware(baseModel, options) {
                     builtQuery = model.findById(req.params.id);
                     populatedQuery = (0, api_1.addPopulateToQuery)(builtQuery, options.populatePaths);
                     data = void 0;
-                    _e.label = 3;
+                    _c.label = 3;
                 case 3:
-                    _e.trys.push([3, 5, , 6]);
+                    _c.trys.push([3, 5, , 6]);
                     return [4 /*yield*/, populatedQuery.exec()];
                 case 4:
-                    data = _e.sent();
+                    data = _c.sent();
                     return [3 /*break*/, 6];
                 case 5:
-                    error_1 = _e.sent();
+                    error_1 = _c.sent();
                     throw new errors_1.APIError({
                         error: error_1,
                         status: 500,
                         title: "GET failed on ".concat(req.params.id),
                     });
                 case 6:
-                    if (!(!data || (["update", "delete"].includes(method) && (data === null || data === void 0 ? void 0 : data.__t) && !((_b = req.body) === null || _b === void 0 ? void 0 : _b.__t)))) return [3 /*break*/, 8];
-                    // For discriminated models, return 404 without checking hidden state
-                    if (["update", "delete"].includes(method) && (data === null || data === void 0 ? void 0 : data.__t) && !((_c = req.body) === null || _c === void 0 ? void 0 : _c.__t)) {
-                        throw new errors_1.APIError({
-                            status: 404,
-                            title: "Document ".concat(req.params.id, " not found for model ").concat(model.modelName),
-                        });
-                    }
+                    if (!!data) return [3 /*break*/, 8];
                     return [4 /*yield*/, model.collection.findOne({
                             _id: new mongoose_1.default.Types.ObjectId(req.params.id),
                         })];
                 case 7:
-                    hiddenDoc = _e.sent();
+                    hiddenDoc = _c.sent();
                     if (!hiddenDoc) {
                         Sentry.captureMessage("Document ".concat(req.params.id, " not found for model ").concat(model.modelName));
                         error = new errors_1.APIError({
@@ -312,16 +304,16 @@ function permissionMiddleware(baseModel, options) {
                     });
                 case 8: return [4 /*yield*/, checkPermissions(method, options.permissions[method], req.user, data)];
                 case 9:
-                    if (!(_e.sent())) {
+                    if (!(_c.sent())) {
                         throw new errors_1.APIError({
                             status: 403,
-                            title: "Access to GET on ".concat(model.modelName, ":").concat(req.params.id, " denied for ").concat((_d = req.user) === null || _d === void 0 ? void 0 : _d.id),
+                            title: "Access to GET on ".concat(model.modelName, ":").concat(req.params.id, " denied for ").concat((_b = req.user) === null || _b === void 0 ? void 0 : _b.id),
                         });
                     }
                     req.obj = data;
                     return [2 /*return*/, next()];
                 case 10:
-                    error_2 = _e.sent();
+                    error_2 = _c.sent();
                     logger_1.logger.error("Permissions error: ".concat(error_2 instanceof Error ? error_2.message : error_2));
                     return [2 /*return*/, next(error_2)];
                 case 11: return [2 /*return*/];

package/dist/transformers.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import type express from "express";
 import type { Document } from "mongoose";
-import type { modelRouterOptions } from "./api";
+import type { ModelRouterOptions } from "./api";
 import type { User } from "./auth";
 export interface TerrenoTransformer<T> {
     transform?: (obj: Partial<T>, method: "create" | "update", user?: User) => Partial<T> | undefined;
@@ -16,10 +16,10 @@ export declare function AdminOwnerTransformer<T>(options: {
     ownerWriteFields?: string[];
     adminWriteFields?: string[];
 }): TerrenoTransformer<T>;
-export declare function transform<T>(options: modelRouterOptions<T>, data: Partial<T> | Partial<T>[], method: "create" | "update", user?: User): Partial<T> | (Partial<T> | undefined)[] | undefined;
-export declare function serialize<T>(req: express.Request, options: modelRouterOptions<T>, data: (Document<any, any, any> & T) | (Document<any, any, any> & T)[]): Partial<T> | (Partial<T> | undefined)[] | undefined;
+export declare function transform<T>(options: ModelRouterOptions<T>, data: Partial<T> | Partial<T>[], method: "create" | "update", user?: User): Partial<T> | (Partial<T> | undefined)[] | undefined;
+export declare function serialize<T>(req: express.Request, options: ModelRouterOptions<T>, data: (Document<any, any, any> & T) | (Document<any, any, any> & T)[]): Partial<T> | (Partial<T> | undefined)[] | undefined;
 /**
  * Default response handler for modelRouter. Calls toObject on each doc and returns the result,
  * using transformers.serializer if provided.
  */
-export declare function defaultResponseHandler<T>(doc: (Document<any, any, any> & T) | (Document<any, any, any> & T)[] | null, method: "list" | "create" | "read" | "update", request: express.Request, options: modelRouterOptions<T>): Promise<Partial<T> | (Partial<T> | undefined)[] | null | undefined>;
+export declare function defaultResponseHandler<T>(doc: (Document<any, any, any> & T) | (Document<any, any, any> & T)[] | null, method: "list" | "create" | "read" | "update", request: express.Request, options: ModelRouterOptions<T>): Promise<Partial<T> | (Partial<T> | undefined)[] | null | undefined>;

package/dist/utils.test.js CHANGED Viewed

@@ -1,14 +1,176 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 var bun_test_1 = require("bun:test");
+var mongoose_1 = __importDefault(require("mongoose"));
 var utils_1 = require("./utils");
 (0, bun_test_1.describe)("utils", function () {
-    (0, bun_test_1.it)("checks valid ObjectIds", function () {
-        (0, bun_test_1.expect)((0, utils_1.isValidObjectId)("62c44da0003d9f8ee8cc925c")).toBe(true);
-        (0, bun_test_1.expect)((0, utils_1.isValidObjectId)("620000000000000000000000")).toBe(true);
-        // Mongoose's builtin "ObjectId.isValid" will falsely say this is an ObjectId.
-        (0, bun_test_1.expect)((0, utils_1.isValidObjectId)("1234567890ab")).toBe(false);
-        (0, bun_test_1.expect)((0, utils_1.isValidObjectId)("microsoft123")).toBe(false);
-        (0, bun_test_1.expect)((0, utils_1.isValidObjectId)("62c44da0003d9f8ee8cc925x")).toBe(false);
+    (0, bun_test_1.describe)("isValidObjectId", function () {
+        (0, bun_test_1.it)("checks valid ObjectIds", function () {
+            (0, bun_test_1.expect)((0, utils_1.isValidObjectId)("62c44da0003d9f8ee8cc925c")).toBe(true);
+            (0, bun_test_1.expect)((0, utils_1.isValidObjectId)("620000000000000000000000")).toBe(true);
+            // Mongoose's builtin "ObjectId.isValid" will falsely say this is an ObjectId.
+            (0, bun_test_1.expect)((0, utils_1.isValidObjectId)("1234567890ab")).toBe(false);
+            (0, bun_test_1.expect)((0, utils_1.isValidObjectId)("microsoft123")).toBe(false);
+            (0, bun_test_1.expect)((0, utils_1.isValidObjectId)("62c44da0003d9f8ee8cc925x")).toBe(false);
+        });
+    });
+    (0, bun_test_1.describe)("checkModelsStrict", function () {
+        (0, bun_test_1.it)("throws error when toObject.virtuals is not true", function () {
+            // Create a schema without toObject.virtuals
+            var testSchema = new mongoose_1.default.Schema({ name: String });
+            testSchema.set("strict", "throw");
+            // Not setting toObject.virtuals
+            if (mongoose_1.default.models.ToObjectTestModel) {
+                delete mongoose_1.default.models.ToObjectTestModel;
+            }
+            mongoose_1.default.model("ToObjectTestModel", testSchema);
+            try {
+                // This should throw because ToObjectTestModel doesn't have toObject.virtuals
+                (0, bun_test_1.expect)(function () { return (0, utils_1.checkModelsStrict)(); }).toThrow("toObject.virtuals not set to true");
+            }
+            finally {
+                delete mongoose_1.default.models.ToObjectTestModel;
+            }
+        });
+        (0, bun_test_1.it)("throws error when toJSON.virtuals is not true", function () {
+            // Create a schema with toObject.virtuals but without toJSON.virtuals
+            var testSchema = new mongoose_1.default.Schema({ name: String });
+            testSchema.set("toObject", { virtuals: true });
+            testSchema.set("strict", "throw");
+            // Not setting toJSON.virtuals
+            if (mongoose_1.default.models.ToJsonTestModel) {
+                delete mongoose_1.default.models.ToJsonTestModel;
+            }
+            mongoose_1.default.model("ToJsonTestModel", testSchema);
+            // Use spyOn to intercept modelNames and return only our test model
+            var spy = (0, bun_test_1.spyOn)(mongoose_1.default, "modelNames").mockReturnValue(["ToJsonTestModel"]);
+            try {
+                (0, bun_test_1.expect)(function () { return (0, utils_1.checkModelsStrict)(); }).toThrow("toJSON.virtuals not set to true");
+            }
+            finally {
+                spy.mockRestore();
+                delete mongoose_1.default.models.ToJsonTestModel;
+            }
+        });
+        (0, bun_test_1.it)("throws error when strict mode is not set to throw", function () {
+            // Create a schema with virtuals but without strict mode
+            var testSchema = new mongoose_1.default.Schema({ name: String });
+            testSchema.set("toObject", { virtuals: true });
+            testSchema.set("toJSON", { virtuals: true });
+            // Not setting strict to "throw"
+            if (mongoose_1.default.models.StrictTestModel) {
+                delete mongoose_1.default.models.StrictTestModel;
+            }
+            mongoose_1.default.model("StrictTestModel", testSchema);
+            var spy = (0, bun_test_1.spyOn)(mongoose_1.default, "modelNames").mockReturnValue(["StrictTestModel"]);
+            try {
+                (0, bun_test_1.expect)(function () { return (0, utils_1.checkModelsStrict)(); }).toThrow("is not set to strict mode");
+            }
+            finally {
+                spy.mockRestore();
+                delete mongoose_1.default.models.StrictTestModel;
+            }
+        });
+        (0, bun_test_1.it)("passes when all checks pass", function () {
+            // Create a properly configured schema
+            var testSchema = new mongoose_1.default.Schema({ name: String });
+            testSchema.set("toObject", { virtuals: true });
+            testSchema.set("toJSON", { virtuals: true });
+            testSchema.set("strict", "throw");
+            if (mongoose_1.default.models.GoodTestModel) {
+                delete mongoose_1.default.models.GoodTestModel;
+            }
+            mongoose_1.default.model("GoodTestModel", testSchema);
+            var spy = (0, bun_test_1.spyOn)(mongoose_1.default, "modelNames").mockReturnValue(["GoodTestModel"]);
+            try {
+                (0, bun_test_1.expect)(function () { return (0, utils_1.checkModelsStrict)(); }).not.toThrow();
+            }
+            finally {
+                spy.mockRestore();
+                delete mongoose_1.default.models.GoodTestModel;
+            }
+        });
+        (0, bun_test_1.it)("skips strict mode check for ignored models", function () {
+            // Create a properly configured model
+            var goodSchema = new mongoose_1.default.Schema({ name: String });
+            goodSchema.set("toObject", { virtuals: true });
+            goodSchema.set("toJSON", { virtuals: true });
+            goodSchema.set("strict", "throw");
+            if (mongoose_1.default.models.GoodModel) {
+                delete mongoose_1.default.models.GoodModel;
+            }
+            mongoose_1.default.model("GoodModel", goodSchema);
+            // Create a model without strict mode that we'll ignore
+            var badSchema = new mongoose_1.default.Schema({ name: String });
+            badSchema.set("toObject", { virtuals: true });
+            badSchema.set("toJSON", { virtuals: true });
+            // Not setting strict - should fail unless ignored
+            if (mongoose_1.default.models.IgnoredModel) {
+                delete mongoose_1.default.models.IgnoredModel;
+            }
+            mongoose_1.default.model("IgnoredModel", badSchema);
+            var spy = (0, bun_test_1.spyOn)(mongoose_1.default, "modelNames").mockReturnValue(["GoodModel", "IgnoredModel"]);
+            try {
+                // Without ignoring, should throw for IgnoredModel
+                (0, bun_test_1.expect)(function () { return (0, utils_1.checkModelsStrict)(); }).toThrow("is not set to strict mode");
+                // With ignoring IgnoredModel, should pass
+                (0, bun_test_1.expect)(function () { return (0, utils_1.checkModelsStrict)(["IgnoredModel"]); }).not.toThrow();
+            }
+            finally {
+                spy.mockRestore();
+                delete mongoose_1.default.models.GoodModel;
+                delete mongoose_1.default.models.IgnoredModel;
+            }
+        });
+        (0, bun_test_1.it)("handles multiple models and validates all", function () {
+            // Create three properly configured models
+            var schema1 = new mongoose_1.default.Schema({ name: String });
+            schema1.set("toObject", { virtuals: true });
+            schema1.set("toJSON", { virtuals: true });
+            schema1.set("strict", "throw");
+            var schema2 = new mongoose_1.default.Schema({ value: Number });
+            schema2.set("toObject", { virtuals: true });
+            schema2.set("toJSON", { virtuals: true });
+            schema2.set("strict", "throw");
+            var schema3 = new mongoose_1.default.Schema({ active: Boolean });
+            schema3.set("toObject", { virtuals: true });
+            schema3.set("toJSON", { virtuals: true });
+            schema3.set("strict", "throw");
+            if (mongoose_1.default.models.MultiModel1)
+                delete mongoose_1.default.models.MultiModel1;
+            if (mongoose_1.default.models.MultiModel2)
+                delete mongoose_1.default.models.MultiModel2;
+            if (mongoose_1.default.models.MultiModel3)
+                delete mongoose_1.default.models.MultiModel3;
+            mongoose_1.default.model("MultiModel1", schema1);
+            mongoose_1.default.model("MultiModel2", schema2);
+            mongoose_1.default.model("MultiModel3", schema3);
+            var spy = (0, bun_test_1.spyOn)(mongoose_1.default, "modelNames").mockReturnValue([
+                "MultiModel1",
+                "MultiModel2",
+                "MultiModel3",
+            ]);
+            try {
+                (0, bun_test_1.expect)(function () { return (0, utils_1.checkModelsStrict)(); }).not.toThrow();
+            }
+            finally {
+                spy.mockRestore();
+                delete mongoose_1.default.models.MultiModel1;
+                delete mongoose_1.default.models.MultiModel2;
+                delete mongoose_1.default.models.MultiModel3;
+            }
+        });
+        (0, bun_test_1.it)("handles empty model list", function () {
+            var spy = (0, bun_test_1.spyOn)(mongoose_1.default, "modelNames").mockReturnValue([]);
+            try {
+                (0, bun_test_1.expect)(function () { return (0, utils_1.checkModelsStrict)(); }).not.toThrow();
+            }
+            finally {
+                spy.mockRestore();
+            }
+        });
     });
 });

package/package.json CHANGED Viewed

@@ -17,7 +17,7 @@
     "jsonwebtoken": "^9.0.2",
     "lodash": "^4.17.21",
     "luxon": "^3.7.2",
-    "mongoose": "^9.1.1",
+    "mongoose": "8.18.1",
     "mongoose-to-swagger": "^1.4.0",
     "ms": "^2.1.3",
     "on-finished": "^2.3.0",
@@ -81,8 +81,9 @@
     "lint:fix": "biome check --write ./src",
     "lint:unsafefix": "biome check --fix --unsafe ./src",
     "test": "bun test --preload ./src/tests/bunSetup.ts",
+    "test:ci": "bun test --preload ./src/tests/bunSetup.ts",
     "updateSnapshot": "bun test --update-snapshots"
   },
   "types": "dist/index.d.ts",
-  "version": "0.0.4"
+  "version": "0.0.11-beta.1"
 }