@terreno/api 0.0.4 → 0.0.11-beta.1

package/src/api.ts

@@ -70,7 +70,7 @@ export type RESTMethod = "list" | "create" | "read" | "update" | "delete";
  * This is the main configuration.
  * @param T - the base document type. This should not include Mongoose models, just the types of the object.
  */
-export interface modelRouterOptions<T> {
+export interface ModelRouterOptions<T> {
   /**
    * A group of method-level (create/read/update/delete/list) permissions.
    * Determine if the user can perform the operation at all, and for read/update/delete methods,
@@ -239,18 +239,8 @@ export interface modelRouterOptions<T> {
     value: (Document<any, any, any> & T) | (Document<any, any, any> & T)[],
     method: "list" | "create" | "read" | "update" | "delete",
     request: express.Request,
-    options: modelRouterOptions<T>
+    options: ModelRouterOptions<T>
   ) => Promise<JSONValue>;
-  /**
-   * The discriminatorKey that you passed when creating the Mongoose models. Defaults to __t. See:
-   * https://mongoosejs.com/docs/discriminators.html If this key is provided,
-   * you must provide the same key as part of the top level of the body when making performing
-   * update or delete operations on this model.
-   *    \{discriminatorKey: "__t"\}
-   *
-   *     PATCH \{__t: "SuperUser", name: "Foo"\} // __t is required or there will be a 404 error.
-   */
-  discriminatorKey?: string;
   /**
    * The OpenAPI generator for this server. This is used to generate the OpenAPI documentation.
    */
@@ -275,23 +265,6 @@ export interface modelRouterOptions<T> {
   openApiExtraModelProperties?: any;
 }
 
-// A function to decide which model to use. If no discriminators are provided,
-// just returns the base model. If
-export function getModel(baseModel: Model<any>, body?: any, options?: modelRouterOptions<any>) {
-  const discriminatorKey = options?.discriminatorKey ?? "__t";
-  const modelName = body?.[discriminatorKey];
-  if (!modelName) {
-    return baseModel;
-  }
-  const model = baseModel.discriminators?.[modelName];
-  if (!model) {
-    throw new Error(
-      `Could not find discriminator model for key ${modelName}, baseModel: ${baseModel}`
-    );
-  }
-  return model;
-}
-
 // Ensures query params are allowed. Also checks nested query params when using $and/$or.
 function checkQueryParamAllowed(
   queryParam: string,
@@ -337,15 +310,12 @@ function checkQueryParamAllowed(
 // }
 
 /**
- * Create a set of CRUD routes given a Mongoose model $baseModel and configuration options.
+ * Create a set of CRUD routes given a Mongoose model and configuration options.
  *
- * @param baseModel A Mongoose Model
+ * @param model A Mongoose Model
  * @param options Options for configuring the REST API, such as permissions, transformers, and hooks.
  */
-export function modelRouter<T>(
-  baseModel: Model<T>,
-  options: modelRouterOptions<T>
-): express.Router {
+export function modelRouter<T>(model: Model<T>, options: ModelRouterOptions<T>): express.Router {
   const router = express.Router();
 
   // Do before the other router options so endpoints take priority.
@@ -359,12 +329,10 @@ export function modelRouter<T>(
     "/",
     [
       authenticateMiddleware(options.allowAnonymous),
-      createOpenApiMiddleware(baseModel, options),
-      permissionMiddleware(baseModel, options),
+      createOpenApiMiddleware(model, options),
+      permissionMiddleware(model, options),
     ],
     asyncHandler(async (req: Request, res: Response) => {
-      const model = getModel(baseModel, req.body?.__t, options);
-
       let body: Partial<T> | (Partial<T> | undefined)[] | null | undefined;
       try {
         body = transform<T>(options, req.body, "create", req.user);
@@ -426,7 +394,7 @@ export function modelRouter<T>(
 
       if (options.populatePaths) {
         try {
-          let populateQuery = model.findById(data._id);
+          let populateQuery: any = model.findById(data._id);
           populateQuery = addPopulateToQuery(populateQuery, options.populatePaths);
           data = await populateQuery.exec();
         } catch (error: any) {
@@ -469,13 +437,10 @@ export function modelRouter<T>(
     "/",
     [
       authenticateMiddleware(options.allowAnonymous),
-      permissionMiddleware(baseModel, options),
-      listOpenApiMiddleware(baseModel, options),
+      permissionMiddleware(model, options),
+      listOpenApiMiddleware(model, options),
     ],
     asyncHandler(async (req: Request, res: Response) => {
-      // For pure read queries, Mongoose will return the correct data with just the base model.
-      const model = baseModel;
-
       let query: any = {};
       for (const queryParam of Object.keys(options.defaultQueryParams ?? [])) {
         query[queryParam] = options.defaultQueryParams?.[queryParam];
@@ -624,8 +589,8 @@ export function modelRouter<T>(
     "/:id",
     [
       authenticateMiddleware(options.allowAnonymous),
-      getOpenApiMiddleware(baseModel, options),
-      permissionMiddleware(baseModel, options),
+      getOpenApiMiddleware(model, options),
+      permissionMiddleware(model, options),
     ],
     asyncHandler(async (req: Request, res: Response) => {
       const data: mongoose.Document & T = (req as any).obj;
@@ -658,12 +623,10 @@ export function modelRouter<T>(
     "/:id",
     [
       authenticateMiddleware(options.allowAnonymous),
-      patchOpenApiMiddleware(baseModel, options),
-      permissionMiddleware(baseModel, options),
+      patchOpenApiMiddleware(model, options),
+      permissionMiddleware(model, options),
     ],
     asyncHandler(async (req: Request, res: Response) => {
-      const model = getModel(baseModel, req.body, options);
-
       let doc: mongoose.Document & T = (req as any).obj;
 
       let body;
@@ -731,7 +694,7 @@ export function modelRouter<T>(
       }
 
       if (options.populatePaths) {
-        let populateQuery = model.findById(doc._id);
+        let populateQuery: any = model.findById(doc._id);
         populateQuery = addPopulateToQuery(populateQuery, options.populatePaths);
         doc = await populateQuery.exec();
       }
@@ -766,12 +729,10 @@ export function modelRouter<T>(
     "/:id",
     [
       authenticateMiddleware(options.allowAnonymous),
-      deleteOpenApiMiddleware(baseModel, options),
-      permissionMiddleware(baseModel, options),
+      deleteOpenApiMiddleware(model, options),
+      permissionMiddleware(model, options),
     ],
     asyncHandler(async (req: Request, res: Response) => {
-      const model = getModel(baseModel, req.body, options);
-
       const doc: mongoose.Document & T & {deleted?: boolean} = (req as any).obj;
 
       if (options.preDelete) {
@@ -849,7 +810,6 @@ export function modelRouter<T>(
     operation: "POST" | "PATCH" | "DELETE"
   ) {
     // TODO Combine array operations and .patch(), as they are very similar.
-    const model = getModel(baseModel, req.body, options);
 
     if (!(await checkPermissions("update", options.permissions.update, req.user))) {
       throw new APIError({
@@ -861,9 +821,7 @@ export function modelRouter<T>(
     const doc = await model.findById(req.params.id);
     // Make a copy for passing pre-saved values to hooks.
     const prevDoc = cloneDeep(doc);
-    // We fail here because we might fetch the document without the __t but we'd be missing all the
-    // hooks.
-    if (!doc || (doc.__t && !req.body.__t)) {
+    if (!doc) {
       throw new APIError({
         status: 404,
         title: `Could not find document to PATCH: ${req.params.id}`,
@@ -979,7 +937,7 @@ export function modelRouter<T>(
 
     if (options.postUpdate) {
       try {
-        await options.postUpdate(doc, body, req, prevDoc);
+        await options.postUpdate(doc as any, body, req, prevDoc as any);
       } catch (error: any) {
         throw new APIError({
           disableExternalErrorTracking: getDisableExternalErrorTracking(error),
@@ -989,7 +947,7 @@ export function modelRouter<T>(
         });
       }
     }
-    return res.json({data: serialize<T>(req, options, doc)});
+    return res.json({data: serialize<T>(req, options, doc as any)});
   }
 
   async function arrayPost(req: Request, res: Response) {
@@ -1004,7 +962,7 @@ export function modelRouter<T>(
     return arrayOperation(req, res, "DELETE");
   }
   // Set up routes for managing array fields. Check if there any array fields to add this for.
-  if (Object.values(baseModel.schema.paths).find((config: any) => config.instance === "Array")) {
+  if (Object.values(model.schema.paths).find((config: any) => config.instance === "Array")) {
     router.post(
       "/:id/:field",
       authenticateMiddleware(options.allowAnonymous),
@@ -1033,4 +991,4 @@ export const asyncHandler = (fn: any) => (req: Request, res: Response, next: Nex
 
 // For backwards compatibility with the old names.
 export const gooseRestRouter = modelRouter;
-export type GooseRESTOptions<T> = modelRouterOptions<T>;
+export type GooseRESTOptions<T> = ModelRouterOptions<T>;

package/src/example.ts

@@ -2,7 +2,7 @@ import express from "express";
 import mongoose, {model, Schema} from "mongoose";
 import passportLocalMongoose from "passport-local-mongoose";
 
-import {modelRouter, type modelRouterOptions} from "./api";
+import {type ModelRouterOptions, modelRouter} from "./api";
 import {addAuthRoutes, setupAuth} from "./auth";
 import {setupServer} from "./expressServer";
 import {logger} from "./logger";
@@ -68,7 +68,7 @@ function getBaseServer() {
   setupAuth(app, UserModel as any);
   addAuthRoutes(app, UserModel as any);
 
-  function addRoutes(router: express.Router, options?: Partial<modelRouterOptions<any>>): void {
+  function addRoutes(router: express.Router, options?: Partial<ModelRouterOptions<any>>): void {
     router.use(
       "/food",
       modelRouter(FoodModel, {

package/src/expressServer.ts

@@ -9,7 +9,7 @@ import onFinished from "on-finished";
 import passport from "passport";
 import qs from "qs";
 
-import type {modelRouterOptions} from "./api";
+import type {ModelRouterOptions} from "./api";
 import {addAuthRoutes, addMeRoutes, setupAuth, type UserModel as UserMongooseModel} from "./auth";
 import {apiErrorMiddleware, apiUnauthorizedMiddleware} from "./errors";
 import {type LoggingOptions, logger, setupLogging} from "./logger";
@@ -41,7 +41,7 @@ export function setupEnvironment(): void {
   }
 }
 
-export type AddRoutes = (router: Router, options?: Partial<modelRouterOptions<any>>) => void;
+export type AddRoutes = (router: Router, options?: Partial<ModelRouterOptions<any>>) => void;
 
 const logRequestsFinished = (req: any, res: any, startTime: bigint) => {
   const options = (res.locals.loggingOptions ?? {}) as LoggingOptions;

package/src/openApi.test.ts

@@ -4,13 +4,13 @@ import type {Router} from "express";
 import supertest from "supertest";
 import type TestAgent from "supertest/lib/agent";
 
-import {modelRouter, type modelRouterOptions} from "./api";
+import {type ModelRouterOptions, modelRouter} from "./api";
 import {addAuthRoutes, setupAuth} from "./auth";
 import {setupServer} from "./expressServer";
 import {Permissions} from "./permissions";
 import {FoodModel, setupDb, UserModel} from "./tests";
 
-function getMessageSummaryOpenApiMiddleware(options: Partial<modelRouterOptions<any>>): any {
+function getMessageSummaryOpenApiMiddleware(options: Partial<ModelRouterOptions<any>>): any {
   return options.openApi.path({
     parameters: [
       {
@@ -42,7 +42,7 @@ function getMessageSummaryOpenApiMiddleware(options: Partial<modelRouterOptions<
   });
 }
 
-function addRoutes(router: Router, options?: Partial<modelRouterOptions<any>>): void {
+function addRoutes(router: Router, options?: Partial<ModelRouterOptions<any>>): void {
   router.use(
     "/food",
     modelRouter(FoodModel as any, {
@@ -176,7 +176,7 @@ describe("openApi", () => {
   });
 });
 
-function addRoutesPopulate(router: Router, options?: Partial<modelRouterOptions<any>>): void {
+function addRoutesPopulate(router: Router, options?: Partial<ModelRouterOptions<any>>): void {
   options?.openApi.component("schemas", "LimitedUser", {
     properties: {
       email: {

package/src/openApi.ts

@@ -3,7 +3,7 @@ import merge from "lodash/merge";
 import type {Model} from "mongoose";
 import m2s from "mongoose-to-swagger";
 
-import type {modelRouterOptions} from "./api";
+import type {ModelRouterOptions} from "./api";
 import {logger} from "./logger";
 import {getOpenApiSpecForModel} from "./populate";
 
@@ -112,7 +112,7 @@ function createAPIErrorComponent(openApi: any) {
   });
 }
 
-export function getOpenApiMiddleware<T>(model: Model<T>, options: Partial<modelRouterOptions<T>>) {
+export function getOpenApiMiddleware<T>(model: Model<T>, options: Partial<ModelRouterOptions<T>>) {
   createAPIErrorComponent(options.openApi);
   if (!options.openApi?.path) {
     // Just log this once rather than for each middleware.
@@ -154,7 +154,7 @@ export function getOpenApiMiddleware<T>(model: Model<T>, options: Partial<modelR
   );
 }
 
-export function listOpenApiMiddleware<T>(model: Model<T>, options: Partial<modelRouterOptions<T>>) {
+export function listOpenApiMiddleware<T>(model: Model<T>, options: Partial<ModelRouterOptions<T>>) {
   if (!options.openApi?.path) {
     return noop;
   }
@@ -319,7 +319,7 @@ export function listOpenApiMiddleware<T>(model: Model<T>, options: Partial<model
 
 export function createOpenApiMiddleware<T>(
   model: Model<T>,
-  options: Partial<modelRouterOptions<T>>
+  options: Partial<ModelRouterOptions<T>>
 ) {
   if (!options.openApi?.path) {
     return noop;
@@ -371,7 +371,7 @@ export function createOpenApiMiddleware<T>(
 
 export function patchOpenApiMiddleware<T>(
   model: Model<T>,
-  options: Partial<modelRouterOptions<T>>
+  options: Partial<ModelRouterOptions<T>>
 ) {
   if (!options.openApi?.path) {
     return noop;
@@ -423,7 +423,7 @@ export function patchOpenApiMiddleware<T>(
 
 export function deleteOpenApiMiddleware<T>(
   model: Model<T>,
-  options: Partial<modelRouterOptions<T>>
+  options: Partial<ModelRouterOptions<T>>
 ) {
   if (!options.openApi?.path) {
     return noop;
@@ -452,7 +452,7 @@ export function deleteOpenApiMiddleware<T>(
 // This is a generic OpenAPI wrapper for a read that returns any object described by `properties`.
 // Useful for endpoints that don't directly map to a model.
 export function readOpenApiMiddleware<T>(
-  options: Partial<modelRouterOptions<T>>,
+  options: Partial<ModelRouterOptions<T>>,
   properties: any,
   required: string[],
   queryParameters: any

package/src/openApiBuilder.test.ts

@@ -4,14 +4,14 @@ import type {Router} from "express";
 import supertest from "supertest";
 import type TestAgent from "supertest/lib/agent";
 
-import {modelRouter, type modelRouterOptions} from "./api";
+import {type ModelRouterOptions, modelRouter} from "./api";
 import {addAuthRoutes, setupAuth} from "./auth";
 import {setupServer} from "./expressServer";
 import {createOpenApiBuilder, OpenApiMiddlewareBuilder} from "./openApiBuilder";
 import {Permissions} from "./permissions";
 import {FoodModel, UserModel} from "./tests";
 
-function addRoutesWithBuilder(router: Router, options?: Partial<modelRouterOptions<any>>): void {
+function addRoutesWithBuilder(router: Router, options?: Partial<ModelRouterOptions<any>>): void {
   // Add a custom endpoint using the OpenApiMiddlewareBuilder
   const statsMiddleware = createOpenApiBuilder(options ?? {})
     .withTags(["Stats"])

package/src/openApiBuilder.ts

@@ -31,7 +31,7 @@
  */
 import merge from "lodash/merge";
 
-import type {modelRouterOptions} from "./api";
+import type {ModelRouterOptions} from "./api";
 import {logger} from "./logger";
 import {defaultOpenApiErrorResponses} from "./openApi";
 
@@ -250,7 +250,7 @@ interface OpenApiConfig {
  */
 export class OpenApiMiddlewareBuilder {
   /** Router options containing OpenAPI configuration */
-  private options: Partial<modelRouterOptions<any>>;
+  private options: Partial<ModelRouterOptions<any>>;
 
   /** Accumulated OpenAPI configuration from builder methods */
   private config: OpenApiConfig;
@@ -260,7 +260,7 @@ export class OpenApiMiddlewareBuilder {
    *
    * @param options - Router options containing the OpenAPI path configuration
    */
-  constructor(options: Partial<modelRouterOptions<any>>) {
+  constructor(options: Partial<ModelRouterOptions<any>>) {
     this.options = options;
     this.config = {
       responses: {},
@@ -630,7 +630,7 @@ export class OpenApiMiddlewareBuilder {
  * ```
  */
 export function createOpenApiBuilder(
-  options: Partial<modelRouterOptions<any>>
+  options: Partial<ModelRouterOptions<any>>
 ): OpenApiMiddlewareBuilder {
   return new OpenApiMiddlewareBuilder(options);
 }

package/src/permissions.ts

@@ -4,7 +4,7 @@ import type express from "express";
 import type {NextFunction} from "express";
 import mongoose, {type Model} from "mongoose";
 
-import {addPopulateToQuery, getModel, type modelRouterOptions, type RESTMethod} from "./api";
+import {addPopulateToQuery, type ModelRouterOptions, type RESTMethod} from "./api";
 import type {User} from "./auth";
 import {APIError} from "./errors";
 import {logger} from "./logger";
@@ -101,8 +101,8 @@ export async function checkPermissions<T>(
 // finds the relevant object, checks the permissions, and attaches the object to the request as
 // req.obj.
 export function permissionMiddleware<T>(
-  baseModel: Model<T>,
-  options: Pick<modelRouterOptions<T>, "permissions" | "populatePaths" | "discriminatorKey">
+  model: Model<T>,
+  options: Pick<ModelRouterOptions<T>, "permissions" | "populatePaths">
 ) {
   return async (req: express.Request, _res: express.Response, next: NextFunction) => {
     if (req.method === "OPTIONS") {
@@ -131,8 +131,6 @@ export function permissionMiddleware<T>(
         });
       }
 
-      const model = getModel(baseModel, req.body, options);
-
       // All methods check for permissions.
       if (!(await checkPermissions(method, options.permissions[method], req.user))) {
         throw new APIError({
@@ -159,15 +157,7 @@ export function permissionMiddleware<T>(
           title: `GET failed on ${req.params.id}`,
         });
       }
-      if (!data || (["update", "delete"].includes(method) && data?.__t && !req.body?.__t)) {
-        // For discriminated models, return 404 without checking hidden state
-        if (["update", "delete"].includes(method) && data?.__t && !req.body?.__t) {
-          throw new APIError({
-            status: 404,
-            title: `Document ${req.params.id} not found for model ${model.modelName}`,
-          });
-        }
-
+      if (!data) {
         // Check if document exists but is hidden. Completely skip plugins.
         const hiddenDoc = await model.collection.findOne({
           _id: new mongoose.Types.ObjectId(req.params.id),

package/src/transformers.ts

@@ -1,7 +1,7 @@
 import type express from "express";
 import type {Document} from "mongoose";
 
-import type {modelRouterOptions} from "./api";
+import type {ModelRouterOptions} from "./api";
 import type {User} from "./auth";
 import {APIError} from "./errors";
 import {logger} from "./logger";
@@ -88,7 +88,7 @@ export function AdminOwnerTransformer<T>(options: {
 }
 
 export function transform<T>(
-  options: modelRouterOptions<T>,
+  options: ModelRouterOptions<T>,
   data: Partial<T> | Partial<T>[],
   method: "create" | "update",
   user?: User
@@ -112,7 +112,7 @@ export function transform<T>(
 
 export function serialize<T>(
   req: express.Request,
-  options: modelRouterOptions<T>,
+  options: ModelRouterOptions<T>,
   data: (Document<any, any, any> & T) | (Document<any, any, any> & T)[]
 ) {
   const serializeFn = (serializeData: Document<any, any, any> & T, serializeUser?: User) => {
@@ -153,7 +153,7 @@ export async function defaultResponseHandler<T>(
   doc: (Document<any, any, any> & T) | (Document<any, any, any> & T)[] | null,
   method: "list" | "create" | "read" | "update",
   request: express.Request,
-  options: modelRouterOptions<T>
+  options: ModelRouterOptions<T>
 ) {
   if (!doc) {
     return null;