npm - @terreno/api - Versions diffs - 0.20.2 → 0.22.0 - Mend

@terreno/api 0.20.2 → 0.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (107) hide show

package/.ai/guidelines/core.md +71 -0
package/.ai/skills/mongoose-schema-safety/SKILL.md +143 -0
package/README.md +54 -1
package/bunfig.toml +1 -1
package/dist/__tests__/versionCheckPlugin.test.js +29 -7
package/dist/actions.openApi.test.js +13 -11
package/dist/api.js +98 -11
package/dist/api.query.test.js +31 -1
package/dist/api.test.js +211 -0
package/dist/auth.test.js +418 -43
package/dist/betterAuth.d.ts +1 -1
package/dist/consentApp.test.js +1 -0
package/dist/example.js +4 -4
package/dist/expressServer.d.ts +0 -22
package/dist/expressServer.js +1 -125
package/dist/expressServer.test.js +90 -91
package/dist/githubAuth.test.js +22 -22
package/dist/logger.d.ts +154 -0
package/dist/logger.js +445 -26
package/dist/logger.test.js +435 -0
package/dist/middleware.d.ts +7 -0
package/dist/middleware.js +58 -1
package/dist/middleware.test.js +159 -0
package/dist/models/consentForm.js +2 -1
package/dist/models/consentResponse.js +2 -1
package/dist/models/versionConfig.js +2 -1
package/dist/openApi.test.js +10 -17
package/dist/openApiBuilder.d.ts +18 -0
package/dist/openApiBuilder.js +21 -0
package/dist/openApiBuilder.test.js +34 -10
package/dist/permissions.test.js +10 -43
package/dist/populate.test.js +10 -42
package/dist/realtime/changeStreamWatcher.d.ts +4 -4
package/dist/realtime/changeStreamWatcher.js +2 -4
package/dist/realtime/queryMatcher.d.ts +1 -1
package/dist/realtime/queryMatcher.js +39 -14
package/dist/realtime/types.d.ts +3 -3
package/dist/requestContext.d.ts +61 -0
package/dist/requestContext.js +74 -0
package/dist/secretProviders.test.js +335 -0
package/dist/syncConsents.test.js +2 -2
package/dist/terrenoApp.d.ts +27 -15
package/dist/terrenoApp.js +24 -14
package/dist/terrenoApp.test.js +52 -0
package/dist/tests/bunSetup.js +66 -262
package/dist/tests/createTestData.d.ts +9 -0
package/dist/tests/createTestData.js +272 -0
package/dist/tests/models.d.ts +71 -0
package/dist/tests/models.js +134 -0
package/dist/tests/mongoTestSetup.d.ts +7 -0
package/dist/tests/mongoTestSetup.js +150 -0
package/dist/tests/testEnv.d.ts +0 -0
package/dist/tests/testEnv.js +6 -0
package/dist/tests/testHelper.d.ts +22 -0
package/dist/tests/testHelper.js +115 -0
package/dist/tests/types.d.ts +29 -0
package/dist/tests/types.js +2 -0
package/dist/tests.d.ts +10 -78
package/dist/tests.js +24 -241
package/dist/transformers.test.js +14 -50
package/package.json +18 -4
package/src/__snapshots__/openApiBuilder.test.ts.snap +1 -0
package/src/__tests__/versionCheckPlugin.test.ts +43 -15
package/src/actions.openApi.test.ts +12 -10
package/src/api.query.test.ts +24 -1
package/src/api.test.ts +169 -0
package/src/api.ts +71 -0
package/src/auth.test.ts +287 -39
package/src/betterAuth.ts +1 -1
package/src/consentApp.test.ts +1 -0
package/src/example.ts +4 -4
package/src/expressServer.test.ts +82 -85
package/src/expressServer.ts +1 -213
package/src/githubAuth.test.ts +22 -22
package/src/logger.test.ts +466 -1
package/src/logger.ts +477 -14
package/src/middleware.test.ts +74 -2
package/src/middleware.ts +57 -0
package/src/models/consentForm.ts +3 -4
package/src/models/consentResponse.ts +6 -4
package/src/models/versionConfig.ts +3 -4
package/src/openApi.test.ts +10 -17
package/src/openApiBuilder.test.ts +27 -10
package/src/openApiBuilder.ts +24 -0
package/src/permissions.test.ts +8 -23
package/src/populate.test.ts +7 -22
package/src/realtime/changeStreamWatcher.ts +15 -10
package/src/realtime/queryMatcher.ts +54 -27
package/src/realtime/types.ts +4 -4
package/src/requestContext.ts +86 -0
package/src/secretProviders.test.ts +219 -1
package/src/syncConsents.test.ts +1 -1
package/src/terrenoApp.test.ts +38 -0
package/src/terrenoApp.ts +37 -15
package/src/tests/bunSetup.ts +22 -236
package/src/tests/createTestData.ts +176 -0
package/src/tests/models.ts +164 -0
package/src/tests/mongoTestSetup.ts +69 -0
package/src/tests/testEnv.ts +4 -0
package/src/tests/testHelper.ts +57 -0
package/src/tests/types.ts +35 -0
package/src/tests.ts +40 -231
package/src/transformers.test.ts +11 -30
package/tsconfig.typedoc.json +4 -0
package/dist/tests/index.d.ts +0 -1
package/dist/tests/index.js +0 -17
package/src/tests/index.ts +0 -1

package/dist/api.js CHANGED Viewed

@@ -173,9 +173,95 @@ exports.addPopulateToQuery = addPopulateToQuery;
 var PAGINATION_QUERY_PARAMS = ["limit", "page", "sort"];
 // Add support for more complex queries.
 var COMPLEX_QUERY_PARAMS = ["$and", "$or"];
+/**
+ * Parses a date-range query bound from an ISO-8601 string using Luxon, throwing a 400
+ * APIError when the value cannot be parsed. Centralizes date-string parsing so the repo's
+ * Luxon convention is honored for admin changelist date-range filters.
+ */
+var parseDateRangeBound = function (rawValue, queryKey) {
+    var parsed = luxon_1.DateTime.fromISO(String(rawValue), { zone: "utc" });
+    if (!parsed.isValid) {
+        throw new errors_1.APIError({
+            status: 400,
+            title: "Invalid date for query parameter ".concat(queryKey),
+        });
+    }
+    return parsed.toJSDate();
+};
+/**
+ * Collapses `field_gte` / `field_lte` query pairs into `{ field: { $gte, $lte } }` for Date paths,
+ * so admin changelist date-range filters map to valid Mongoose range queries.
+ */
+var mergeDateRangeQueryParams = function (model, query) {
+    var e_2, _a, e_3, _b;
+    var schema = model.schema;
+    var result = __assign({}, query);
+    var dateRangeBases = new Set();
+    try {
+        for (var _c = __values(Object.keys(result)), _d = _c.next(); !_d.done; _d = _c.next()) {
+            var key = _d.value;
+            var match = /^(.+)_(gte|lte)$/.exec(key);
+            if (!match) {
+                continue;
+            }
+            var baseField = match[1];
+            var path = schema.path(baseField);
+            if (!path || path.instance !== "Date") {
+                continue;
+            }
+            dateRangeBases.add(baseField);
+        }
+    }
+    catch (e_2_1) { e_2 = { error: e_2_1 }; }
+    finally {
+        try {
+            if (_d && !_d.done && (_a = _c.return)) _a.call(_c);
+        }
+        finally { if (e_2) throw e_2.error; }
+    }
+    try {
+        for (var dateRangeBases_1 = __values(dateRangeBases), dateRangeBases_1_1 = dateRangeBases_1.next(); !dateRangeBases_1_1.done; dateRangeBases_1_1 = dateRangeBases_1.next()) {
+            var baseField = dateRangeBases_1_1.value;
+            var gteKey = "".concat(baseField, "_gte");
+            var lteKey = "".concat(baseField, "_lte");
+            var gteRaw = result[gteKey];
+            var lteRaw = result[lteKey];
+            var bounds = {};
+            if (gteRaw !== undefined && gteRaw !== null && String(gteRaw).trim() !== "") {
+                bounds.$gte = parseDateRangeBound(gteRaw, gteKey);
+            }
+            if (lteRaw !== undefined && lteRaw !== null && String(lteRaw).trim() !== "") {
+                bounds.$lte = parseDateRangeBound(lteRaw, lteKey);
+            }
+            if (Object.keys(bounds).length === 0) {
+                continue;
+            }
+            delete result[gteKey];
+            delete result[lteKey];
+            var direct = result[baseField];
+            if (direct !== undefined && direct !== null && typeof direct !== "object") {
+                delete result[baseField];
+            }
+            if (typeof direct === "object" && direct !== null && !Array.isArray(direct)) {
+                result[baseField] = __assign(__assign({}, direct), bounds);
+            }
+            else {
+                result[baseField] = bounds;
+            }
+        }
+    }
+    catch (e_3_1) { e_3 = { error: e_3_1 }; }
+    finally {
+        try {
+            if (dateRangeBases_1_1 && !dateRangeBases_1_1.done && (_b = dateRangeBases_1.return)) _b.call(dateRangeBases_1);
+        }
+        finally { if (e_3) throw e_3.error; }
+    }
+    return result;
+};
 // Ensures query params are allowed. Also checks nested query params when using $and/$or.
 var checkQueryParamAllowed = function (queryParam, queryParamValue, queryFields) {
-    var e_2, _a, e_3, _b;
+    var e_4, _a, e_5, _b;
     if (queryFields === void 0) { queryFields = []; }
     // Cast for iteration through complex query values
     var complexValue = queryParamValue;
@@ -187,26 +273,26 @@ var checkQueryParamAllowed = function (queryParam, queryParamValue, queryFields)
             for (var complexValue_1 = __values(complexValue), complexValue_1_1 = complexValue_1.next(); !complexValue_1_1.done; complexValue_1_1 = complexValue_1.next()) {
                 var subQuery = complexValue_1_1.value;
                 try {
-                    for (var _c = (e_3 = void 0, __values(Object.keys(subQuery))), _d = _c.next(); !_d.done; _d = _c.next()) {
+                    for (var _c = (e_5 = void 0, __values(Object.keys(subQuery))), _d = _c.next(); !_d.done; _d = _c.next()) {
                         var subKey = _d.value;
                         checkQueryParamAllowed(subKey, subQuery[subKey], queryFields);
                     }
                 }
-                catch (e_3_1) { e_3 = { error: e_3_1 }; }
+                catch (e_5_1) { e_5 = { error: e_5_1 }; }
                 finally {
                     try {
                         if (_d && !_d.done && (_b = _c.return)) _b.call(_c);
                     }
-                    finally { if (e_3) throw e_3.error; }
+                    finally { if (e_5) throw e_5.error; }
                 }
             }
         }
-        catch (e_2_1) { e_2 = { error: e_2_1 }; }
+        catch (e_4_1) { e_4 = { error: e_4_1 }; }
         finally {
             try {
                 if (complexValue_1_1 && !complexValue_1_1.done && (_a = complexValue_1.return)) _a.call(complexValue_1);
             }
-            finally { if (e_2) throw e_2.error; }
+            finally { if (e_4) throw e_4.error; }
         }
         return;
     }
@@ -489,7 +575,7 @@ function _buildModelRouter(model, options) {
         queryValidation,
     ], (0, exports.asyncHandler)(function (req, res) { return __awaiter(_this, void 0, void 0, function () {
         var query, _a, _b, queryParam, _c, _d, queryParam, queryFilter, error_6, limit, builtQuery, total, populatedQuery, data, error_7, serialized, error_8, more, msg;
-        var e_4, _e, e_5, _f;
+        var e_6, _e, e_7, _f;
         var _g, _h, _j, _k, _l, _m;
         return __generator(this, function (_o) {
             switch (_o.label) {
@@ -501,12 +587,12 @@ function _buildModelRouter(model, options) {
                             query[queryParam] = (_h = options.defaultQueryParams) === null || _h === void 0 ? void 0 : _h[queryParam];
                         }
                     }
-                    catch (e_4_1) { e_4 = { error: e_4_1 }; }
+                    catch (e_6_1) { e_6 = { error: e_6_1 }; }
                     finally {
                         try {
                             if (_b && !_b.done && (_e = _a.return)) _e.call(_a);
                         }
-                        finally { if (e_4) throw e_4.error; }
+                        finally { if (e_6) throw e_6.error; }
                     }
                     try {
                         for (_c = __values(Object.keys(req.query)), _d = _c.next(); !_d.done; _d = _c.next()) {
@@ -527,13 +613,14 @@ function _buildModelRouter(model, options) {
                             }
                         }
                     }
-                    catch (e_5_1) { e_5 = { error: e_5_1 }; }
+                    catch (e_7_1) { e_7 = { error: e_7_1 }; }
                     finally {
                         try {
                             if (_d && !_d.done && (_f = _c.return)) _f.call(_c);
                         }
-                        finally { if (e_5) throw e_5.error; }
+                        finally { if (e_7) throw e_7.error; }
                     }
+                    query = mergeDateRangeQueryParams(model, query);
                     // Special operators. NOTE: these request Mongo Atlas.
                     if (req.query.$search) {
                         (_j = mongoose_1.default.connection.db) === null || _j === void 0 ? void 0 : _j.collection(model.collection.collectionName);

package/dist/api.query.test.js CHANGED Viewed

@@ -184,7 +184,17 @@ var tests_1 = require("./tests");
                             update: [permissions_1.Permissions.IsOwner],
                         },
                         populatePaths: [{ path: "ownerId" }],
-                        queryFields: ["hidden", "name", "calories", "created", "source.name", "tags", "eatenBy"],
+                        queryFields: [
+                            "hidden",
+                            "name",
+                            "calories",
+                            "created",
+                            "created_gte",
+                            "created_lte",
+                            "source.name",
+                            "tags",
+                            "eatenBy",
+                        ],
                         sort: { created: "descending" },
                     }));
                     server = (0, supertest_1.default)(app);
@@ -344,6 +354,26 @@ var tests_1 = require("./tests");
             }
         });
     }); });
+    (0, bun_test_1.it)("list applies created_gte and created_lte as a Date range", function () { return __awaiter(void 0, void 0, void 0, function () {
+        var res, names;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0: return [4 /*yield*/, agent
+                        .get("/food")
+                        .query({
+                        created_gte: "2021-12-03T00:00:05.000Z",
+                        created_lte: "2021-12-03T00:00:25.000Z",
+                        limit: 10,
+                    })
+                        .expect(200)];
+                case 1:
+                    res = _a.sent();
+                    names = res.body.data.map(function (d) { return d.name; }).sort();
+                    (0, bun_test_1.expect)(names).toEqual(["Pizza", "Spinach"]);
+                    return [2 /*return*/];
+            }
+        });
+    }); });
     (0, bun_test_1.it)("list query params not in list", function () { return __awaiter(void 0, void 0, void 0, function () {
         var res;
         return __generator(this, function (_a) {

package/dist/api.test.js CHANGED Viewed

@@ -2588,5 +2588,216 @@ var transformers_1 = require("./transformers");
                 }
             });
         }); });
+        (0, bun_test_1.it)("returns 400 when X-Unmodified-Since-ISO header is an invalid date", function () { return __awaiter(void 0, void 0, void 0, function () {
+            var res;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, agent
+                            .patch("/food/".concat(spinach._id))
+                            .set("X-Unmodified-Since-ISO", "not-a-date")
+                            .send({ name: "Bad Date" })
+                            .expect(400)];
+                    case 1:
+                        res = _a.sent();
+                        (0, bun_test_1.expect)(res.body.title).toBe("Invalid conflict-detection timestamp");
+                        (0, bun_test_1.expect)(res.body.detail).toContain("X-Unmodified-Since-ISO");
+                        return [2 /*return*/];
+                }
+            });
+        }); });
+        (0, bun_test_1.it)("returns 400 when If-Unmodified-Since header is an invalid HTTP date", function () { return __awaiter(void 0, void 0, void 0, function () {
+            var res;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, agent
+                            .patch("/food/".concat(spinach._id))
+                            .set("If-Unmodified-Since", "not-a-valid-http-date")
+                            .send({ name: "Bad HTTP Date" })
+                            .expect(400)];
+                    case 1:
+                        res = _a.sent();
+                        (0, bun_test_1.expect)(res.body.title).toBe("Invalid conflict-detection timestamp");
+                        (0, bun_test_1.expect)(res.body.detail).toContain("If-Unmodified-Since");
+                        return [2 /*return*/];
+                }
+            });
+        }); });
+        (0, bun_test_1.it)("returns 400 when _updatedAt body field is an invalid date", function () { return __awaiter(void 0, void 0, void 0, function () {
+            var res;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, agent
+                            .patch("/food/".concat(spinach._id))
+                            .send({ _updatedAt: "garbage-date", name: "Bad Body Date" })
+                            .expect(400)];
+                    case 1:
+                        res = _a.sent();
+                        (0, bun_test_1.expect)(res.body.title).toBe("Invalid conflict-detection timestamp");
+                        (0, bun_test_1.expect)(res.body.detail).toContain("_updatedAt");
+                        return [2 /*return*/];
+                }
+            });
+        }); });
+        (0, bun_test_1.it)("handles doc timestamp stored as ISO string", function () { return __awaiter(void 0, void 0, void 0, function () {
+            var res;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, tests_1.FoodModel.collection.updateOne({ _id: spinach._id }, { $set: { updated: "2025-06-15T12:00:00.000Z" } })];
+                    case 1:
+                        _a.sent();
+                        return [4 /*yield*/, agent
+                                .patch("/food/".concat(spinach._id))
+                                .set("If-Unmodified-Since", luxon_1.DateTime.fromISO("2025-06-15T11:00:00.000Z").toHTTP())
+                                .send({ name: "String Timestamp" })
+                                .expect(409)];
+                    case 2:
+                        res = _a.sent();
+                        (0, bun_test_1.expect)(res.body.error).toBe("Conflict");
+                        return [2 /*return*/];
+                }
+            });
+        }); });
+    });
+    (0, bun_test_1.describe)("three-arg modelRouter registration", function () {
+        (0, bun_test_1.it)("returns a ModelRouterRegistration with path and realtime", function () {
+            var registration = (0, api_1.modelRouter)("/food", tests_1.FoodModel, {
+                permissions: {
+                    create: [permissions_1.Permissions.IsAny],
+                    delete: [permissions_1.Permissions.IsAny],
+                    list: [permissions_1.Permissions.IsAny],
+                    read: [permissions_1.Permissions.IsAny],
+                    update: [permissions_1.Permissions.IsAny],
+                },
+                realtime: { methods: ["create", "update", "delete"], roomStrategy: "model" },
+            });
+            (0, bun_test_1.expect)(registration).toHaveProperty("__type", "modelRouter");
+            (0, bun_test_1.expect)(registration).toHaveProperty("path", "/food");
+            (0, bun_test_1.expect)(registration).toHaveProperty("router");
+            (0, bun_test_1.expect)(registration).toHaveProperty("_buildWithOpenApi");
+        });
+        (0, bun_test_1.it)("logs a warning when realtime config is used without the path form", function () {
+            var router = (0, api_1.modelRouter)(tests_1.FoodModel, {
+                permissions: {
+                    create: [permissions_1.Permissions.IsAny],
+                    delete: [permissions_1.Permissions.IsAny],
+                    list: [permissions_1.Permissions.IsAny],
+                    read: [permissions_1.Permissions.IsAny],
+                    update: [permissions_1.Permissions.IsAny],
+                },
+                realtime: { methods: ["create", "update", "delete"], roomStrategy: "model" },
+            });
+            // Returns a plain Router, not a registration, because no path was given
+            (0, bun_test_1.expect)(router).toBeDefined();
+            (0, bun_test_1.expect)(router).not.toHaveProperty("__type");
+        });
+    });
+    (0, bun_test_1.describe)("create transform error wrapping", function () {
+        var admin;
+        var agent;
+        (0, bun_test_1.beforeEach)(function () { return __awaiter(void 0, void 0, void 0, function () {
+            var _a;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0: return [4 /*yield*/, (0, tests_1.setupDb)()];
+                    case 1:
+                        _a = __read.apply(void 0, [_b.sent(), 1]), admin = _a[0];
+                        app = (0, tests_1.getBaseServer)();
+                        (0, auth_1.setupAuth)(app, tests_1.UserModel);
+                        (0, auth_1.addAuthRoutes)(app, tests_1.UserModel);
+                        app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
+                            permissions: {
+                                create: [permissions_1.Permissions.IsAny],
+                                delete: [permissions_1.Permissions.IsAny],
+                                list: [permissions_1.Permissions.IsAny],
+                                read: [permissions_1.Permissions.IsAny],
+                                update: [permissions_1.Permissions.IsAny],
+                            },
+                            transformer: {
+                                transform: function () {
+                                    throw new Error("generic transform error");
+                                },
+                            },
+                        }));
+                        server = (0, supertest_1.default)(app);
+                        return [4 /*yield*/, (0, tests_1.authAsUser)(app, "admin")];
+                    case 2:
+                        agent = _b.sent();
+                        return [2 /*return*/];
+                }
+            });
+        }); });
+        (0, bun_test_1.it)("wraps non-APIError transform errors in a 400 APIError on create", function () { return __awaiter(void 0, void 0, void 0, function () {
+            var res;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, agent
+                            .post("/food")
+                            .send({ calories: 10, name: "New Food", ownerId: admin._id })
+                            .expect(400)];
+                    case 1:
+                        res = _a.sent();
+                        (0, bun_test_1.expect)(res.body.title).toContain("generic transform error");
+                        return [2 /*return*/];
+                }
+            });
+        }); });
+    });
+    (0, bun_test_1.describe)("update transform error wrapping", function () {
+        var admin;
+        var agent;
+        var spinach;
+        (0, bun_test_1.beforeEach)(function () { return __awaiter(void 0, void 0, void 0, function () {
+            var _a;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0: return [4 /*yield*/, (0, tests_1.setupDb)()];
+                    case 1:
+                        _a = __read.apply(void 0, [_b.sent(), 1]), admin = _a[0];
+                        return [4 /*yield*/, tests_1.FoodModel.create({
+                                calories: 10,
+                                created: new Date(),
+                                hidden: false,
+                                name: "Spinach",
+                                ownerId: admin._id,
+                            })];
+                    case 2:
+                        spinach = _b.sent();
+                        app = (0, tests_1.getBaseServer)();
+                        (0, auth_1.setupAuth)(app, tests_1.UserModel);
+                        (0, auth_1.addAuthRoutes)(app, tests_1.UserModel);
+                        app.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
+                            permissions: {
+                                create: [permissions_1.Permissions.IsAny],
+                                delete: [permissions_1.Permissions.IsAny],
+                                list: [permissions_1.Permissions.IsAny],
+                                read: [permissions_1.Permissions.IsAny],
+                                update: [permissions_1.Permissions.IsAny],
+                            },
+                            transformer: {
+                                transform: function () {
+                                    throw new Error("update transform error");
+                                },
+                            },
+                        }));
+                        server = (0, supertest_1.default)(app);
+                        return [4 /*yield*/, (0, tests_1.authAsUser)(app, "admin")];
+                    case 3:
+                        agent = _b.sent();
+                        return [2 /*return*/];
+                }
+            });
+        }); });
+        (0, bun_test_1.it)("wraps non-APIError transform errors in a 403 APIError on update", function () { return __awaiter(void 0, void 0, void 0, function () {
+            var res;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, agent.patch("/food/".concat(spinach._id)).send({ name: "Updated" }).expect(403)];
+                    case 1:
+                        res = _a.sent();
+                        (0, bun_test_1.expect)(res.body.title).toContain("update transform error");
+                        return [2 /*return*/];
+                }
+            });
+        }); });
     });
 });