@terreno/api 0.3.1 → 0.4.2

package/dist/secretProviders.js

@@ -0,0 +1,214 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+var __read = (this && this.__read) || function (o, n) {
+    var m = typeof Symbol === "function" && o[Symbol.iterator];
+    if (!m) return o;
+    var i = m.call(o), r, ar = [], e;
+    try {
+        while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);
+    }
+    catch (error) { e = { error: error }; }
+    finally {
+        try {
+            if (r && !r.done && (m = i["return"])) m.call(i);
+        }
+        finally { if (e) throw e.error; }
+    }
+    return ar;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GcpSecretProvider = exports.EnvSecretProvider = void 0;
+var logger_1 = require("./logger");
+/**
+ * Secret provider that reads secrets from environment variables.
+ * Useful for local development and testing.
+ *
+ * Maps secret names to environment variable names by converting to SCREAMING_SNAKE_CASE.
+ * e.g., "openai-api-key" → process.env.OPENAI_API_KEY
+ *
+ * @example
+ * ```typescript
+ * const provider = new EnvSecretProvider();
+ * // reads process.env.OPENAI_API_KEY
+ * const key = await provider.getSecret("openai-api-key");
+ * ```
+ */
+var EnvSecretProvider = /** @class */ (function () {
+    function EnvSecretProvider() {
+        this.name = "env";
+    }
+    EnvSecretProvider.prototype.getSecret = function (secretName) {
+        return __awaiter(this, void 0, void 0, function () {
+            var envKey, value;
+            var _a;
+            return __generator(this, function (_b) {
+                envKey = secretName.replace(/[-.]/g, "_").toUpperCase();
+                value = (_a = process.env[envKey]) !== null && _a !== void 0 ? _a : null;
+                if (value === null) {
+                    logger_1.logger.debug("EnvSecretProvider: no env var found for ".concat(secretName, " (tried ").concat(envKey, ")"));
+                }
+                return [2 /*return*/, value];
+            });
+        });
+    };
+    return EnvSecretProvider;
+}());
+exports.EnvSecretProvider = EnvSecretProvider;
+/**
+ * Secret provider that reads secrets from Google Cloud Secret Manager.
+ *
+ * Requires `@google-cloud/secret-manager` to be installed.
+ * Resolves short names like "openai-api-key" to the full resource path
+ * `projects/{projectId}/secrets/{secretName}/versions/latest`.
+ *
+ * @example
+ * ```typescript
+ * const provider = new GcpSecretProvider({ projectId: "my-project" });
+ * const key = await provider.getSecret("openai-api-key");
+ * ```
+ */
+var GcpSecretProvider = /** @class */ (function () {
+    function GcpSecretProvider(options) {
+        this.name = "gcp";
+        this.client = null;
+        this.projectId = options.projectId;
+    }
+    GcpSecretProvider.prototype.getClient = function () {
+        return __awaiter(this, void 0, void 0, function () {
+            var moduleName, mod, SecretManagerServiceClient, _a;
+            var _b, _c;
+            return __generator(this, function (_d) {
+                switch (_d.label) {
+                    case 0:
+                        if (!!this.client) return [3 /*break*/, 4];
+                        _d.label = 1;
+                    case 1:
+                        _d.trys.push([1, 3, , 4]);
+                        moduleName = "@google-cloud/secret-manager";
+                        return [4 /*yield*/, Promise.resolve("".concat(/* webpackIgnore: true */ moduleName)).then(function (s) { return __importStar(require(s)); })];
+                    case 2:
+                        mod = _d.sent();
+                        SecretManagerServiceClient = (_b = mod.SecretManagerServiceClient) !== null && _b !== void 0 ? _b : (_c = mod.default) === null || _c === void 0 ? void 0 : _c.SecretManagerServiceClient;
+                        this.client = new SecretManagerServiceClient();
+                        return [3 /*break*/, 4];
+                    case 3:
+                        _a = _d.sent();
+                        throw new Error("GcpSecretProvider requires @google-cloud/secret-manager. Install it with: bun add @google-cloud/secret-manager");
+                    case 4: return [2 /*return*/, this.client];
+                }
+            });
+        });
+    };
+    GcpSecretProvider.prototype.getSecret = function (secretName) {
+        return __awaiter(this, void 0, void 0, function () {
+            var client, resourceName, _a, version, payload, error_1;
+            var _b;
+            return __generator(this, function (_c) {
+                switch (_c.label) {
+                    case 0: return [4 /*yield*/, this.getClient()];
+                    case 1:
+                        client = _c.sent();
+                        if (secretName.startsWith("projects/")) {
+                            resourceName = secretName.endsWith("/versions/latest")
+                                ? secretName
+                                : "".concat(secretName, "/versions/latest");
+                        }
+                        else {
+                            resourceName = "projects/".concat(this.projectId, "/secrets/").concat(secretName, "/versions/latest");
+                        }
+                        _c.label = 2;
+                    case 2:
+                        _c.trys.push([2, 4, , 5]);
+                        return [4 /*yield*/, client.accessSecretVersion({ name: resourceName })];
+                    case 3:
+                        _a = __read.apply(void 0, [_c.sent(), 1]), version = _a[0];
+                        payload = (_b = version.payload) === null || _b === void 0 ? void 0 : _b.data;
+                        if (!payload) {
+                            logger_1.logger.warn("GcpSecretProvider: secret ".concat(secretName, " has no payload"));
+                            return [2 /*return*/, null];
+                        }
+                        return [2 /*return*/, typeof payload === "string" ? payload : new TextDecoder().decode(payload)];
+                    case 4:
+                        error_1 = _c.sent();
+                        if ((error_1 === null || error_1 === void 0 ? void 0 : error_1.code) === 5) {
+                            // NOT_FOUND
+                            logger_1.logger.warn("GcpSecretProvider: secret ".concat(secretName, " not found"));
+                            return [2 /*return*/, null];
+                        }
+                        throw error_1;
+                    case 5: return [2 /*return*/];
+                }
+            });
+        });
+    };
+    return GcpSecretProvider;
+}());
+exports.GcpSecretProvider = GcpSecretProvider;

package/dist/terrenoApp.d.ts

@@ -2,6 +2,7 @@ import * as Sentry from "@sentry/bun";
 import express from "express";
 import type { ModelRouterRegistration } from "./api";
 import { type UserModel as UserMongooseModel } from "./auth";
+import { type ConfigurationAppOptions } from "./configurationApp";
 import { type AuthOptions } from "./expressServer";
 import { type GitHubAuthOptions } from "./githubAuth";
 import { type LoggingOptions } from "./logger";
@@ -94,6 +95,7 @@ export declare class TerrenoApp {
     private options;
     private registrations;
     private middlewareFns;
+    private configurationApp;
     /**
      * Create a new TerrenoApp builder.
      *
@@ -139,6 +141,29 @@ export declare class TerrenoApp {
      * ```
      */
     addMiddleware(fn: express.RequestHandler | ((app: express.Application) => void)): this;
+    /**
+     * Register a configuration model with the application.
+     *
+     * Adds configuration management endpoints that expose the model's schema
+     * as metadata, and provide GET/PATCH endpoints for reading and updating
+     * the singleton configuration document. Nested subschemas become separate
+     * sections in the admin UI.
+     *
+     * All configuration endpoints require admin authentication.
+     *
+     * @param model - Mongoose model with configurationPlugin applied
+     * @param options - Optional configuration (basePath, fieldOverrides)
+     * @returns This TerrenoApp instance for method chaining
+     *
+     * @example
+     * ```typescript
+     * const app = new TerrenoApp({ userModel: User })
+     *   .configure(AppConfig)
+     *   .register(todoRouter)
+     *   .start();
+     * ```
+     */
+    configure(model: import("mongoose").Model<any>, options?: Omit<ConfigurationAppOptions, "model">): this;
     /**
      * Build the Express application without starting the server.
      *

package/dist/terrenoApp.js

@@ -1,4 +1,15 @@
 "use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     var desc = Object.getOwnPropertyDescriptor(m, k);
@@ -54,10 +65,12 @@ var cors_1 = __importDefault(require("cors"));
 var express_1 = __importDefault(require("express"));
 var qs_1 = __importDefault(require("qs"));
 var auth_1 = require("./auth");
+var configurationApp_1 = require("./configurationApp");
 var errors_1 = require("./errors");
 var expressServer_1 = require("./expressServer");
 var githubAuth_1 = require("./githubAuth");
 var logger_1 = require("./logger");
+var openApiCompat_1 = require("./openApiCompat");
 var openApiEtag_1 = require("./openApiEtag");
 /**
  * Fluent API for building Express applications with Terreno framework.
@@ -128,6 +141,7 @@ var TerrenoApp = /** @class */ (function () {
     function TerrenoApp(options) {
         this.registrations = [];
         this.middlewareFns = [];
+        this.configurationApp = null;
         this.options = options;
     }
     /**
@@ -175,6 +189,32 @@ var TerrenoApp = /** @class */ (function () {
         this.middlewareFns.push(fn);
         return this;
     };
+    /**
+     * Register a configuration model with the application.
+     *
+     * Adds configuration management endpoints that expose the model's schema
+     * as metadata, and provide GET/PATCH endpoints for reading and updating
+     * the singleton configuration document. Nested subschemas become separate
+     * sections in the admin UI.
+     *
+     * All configuration endpoints require admin authentication.
+     *
+     * @param model - Mongoose model with configurationPlugin applied
+     * @param options - Optional configuration (basePath, fieldOverrides)
+     * @returns This TerrenoApp instance for method chaining
+     *
+     * @example
+     * ```typescript
+     * const app = new TerrenoApp({ userModel: User })
+     *   .configure(AppConfig)
+     *   .register(todoRouter)
+     *   .start();
+     * ```
+     */
+    TerrenoApp.prototype.configure = function (model, options) {
+        this.configurationApp = new configurationApp_1.ConfigurationApp(__assign({ model: model }, options));
+        return this;
+    };
     /**
      * Build the Express application without starting the server.
      *
@@ -204,6 +244,8 @@ var TerrenoApp = /** @class */ (function () {
         (0, logger_1.setupLogging)(this.options.loggingOptions);
         var app = (0, express_1.default)();
         var options = this.options;
+        // Record mount paths on layers for Express 5 → OpenAPI compat
+        (0, openApiCompat_1.patchAppUse)(app);
         app.set("query parser", function (str) { var _a; return qs_1.default.parse(str, { arrayLimit: (_a = options.arrayLimit) !== null && _a !== void 0 ? _a : 200 }); });
         app.use((0, cors_1.default)({ credentials: true, origin: (_c = options.corsOrigin) !== null && _c !== void 0 ? _c : "*" }));
         try {
@@ -227,7 +269,7 @@ var TerrenoApp = /** @class */ (function () {
             }
             finally { if (e_1) throw e_1.error; }
         }
-        app.use(express_1.default.json());
+        app.use(express_1.default.json({ limit: "50mb" }));
         // Auth routes (login/signup/refresh_token) before JWT middleware
         (0, auth_1.addAuthRoutes)(app, options.userModel, options.authOptions);
         (0, auth_1.setupAuth)(app, options.userModel);
@@ -240,7 +282,7 @@ var TerrenoApp = /** @class */ (function () {
             next();
         });
         // Sentry scopes
-        app.all("*", function (req, _res, next) {
+        app.use(function (req, _res, next) {
             var _a;
             var transactionId = req.header("X-Transaction-ID");
             var sessionId = req.header("X-Session-ID");
@@ -256,6 +298,7 @@ var TerrenoApp = /** @class */ (function () {
             next();
         });
         // OpenAPI
+        app.use(openApiCompat_1.openApiCompatMiddleware);
         app.use(openApiEtag_1.openApiEtagMiddleware);
         var oapi = (0, openapi_1.default)({
             info: {
@@ -275,6 +318,10 @@ var TerrenoApp = /** @class */ (function () {
             (0, githubAuth_1.setupGitHubAuth)(app, options.userModel, options.githubAuth);
             (0, githubAuth_1.addGitHubAuthRoutes)(app, options.userModel, options.githubAuth, options.authOptions);
         }
+        // Mount configuration app if configured
+        if (this.configurationApp) {
+            this.configurationApp.register(app);
+        }
         try {
             // Mount registered model routers and plugins
             for (var _f = __values(this.registrations), _g = _f.next(); !_g.done; _g = _f.next()) {

package/dist/tests.d.ts

@@ -46,36 +46,54 @@ export interface Food {
         likes: boolean;
     }[];
 }
-export declare const UserModel: mongoose.Model<User, {}, {}, {}, mongoose.Document<unknown, {}, User, {}, {}> & User & {
+export declare const UserModel: mongoose.Model<User, {}, {}, {}, mongoose.Document<unknown, {}, User, {}, mongoose.DefaultSchemaOptions> & User & {
     _id: mongoose.Types.ObjectId;
 } & {
     __v: number;
-}, any>;
-export declare const SuperUserModel: mongoose.Model<User & SuperUser, {}, {}, {}, mongoose.Document<unknown, {}, User & SuperUser, {}, {}> & User & SuperUser & {
+} & {
+    id: string;
+}, any, User>;
+export declare const SuperUserModel: mongoose.Model<User & SuperUser, {}, {}, {
+    id: string;
+}, mongoose.Document<unknown, {}, User & SuperUser, {
+    id: string;
+}, mongoose.DefaultSchemaOptions> & Omit<User & SuperUser & {
     _id: mongoose.Types.ObjectId;
 } & {
     __v: number;
-}, any>;
-export declare const StaffUserModel: mongoose.Model<User & StaffUser, {}, {}, {}, mongoose.Document<unknown, {}, User & StaffUser, {}, {}> & User & StaffUser & {
+}, "id"> & {
+    id: string;
+}, any, User & SuperUser>;
+export declare const StaffUserModel: mongoose.Model<User & StaffUser, {}, {}, {
+    id: string;
+}, mongoose.Document<unknown, {}, User & StaffUser, {
+    id: string;
+}, mongoose.DefaultSchemaOptions> & Omit<User & StaffUser & {
     _id: mongoose.Types.ObjectId;
 } & {
     __v: number;
-}, any>;
+}, "id"> & {
+    id: string;
+}, any, User & StaffUser>;
 export declare const FoodModel: Model<Food>;
 interface RequiredField {
     name: string;
     about?: string;
 }
-export declare const RequiredModel: mongoose.Model<RequiredField, {}, {}, {}, mongoose.Document<unknown, {}, RequiredField, {}, {}> & RequiredField & {
+export declare const RequiredModel: mongoose.Model<RequiredField, {}, {}, {}, mongoose.Document<unknown, {}, RequiredField, {}, mongoose.DefaultSchemaOptions> & RequiredField & {
     _id: mongoose.Types.ObjectId;
 } & {
     __v: number;
-}, any>;
+} & {
+    id: string;
+}, any, RequiredField>;
 export declare function getBaseServer(): Express;
 export declare function authAsUser(app: express.Application, type: "admin" | "notAdmin"): Promise<TestAgent>;
-export declare function setupDb(): Promise<(mongoose.Document<unknown, {}, User, {}, {}> & User & {
+export declare function setupDb(): Promise<(mongoose.Document<unknown, {}, User, {}, mongoose.DefaultSchemaOptions> & User & {
     _id: mongoose.Types.ObjectId;
 } & {
     __v: number;
+} & {
+    id: string;
 })[]>;
 export {};

package/dist/tests.js

@@ -95,8 +95,10 @@ exports.setupDb = setupDb;
 var express_1 = __importDefault(require("express"));
 var mongoose_1 = __importStar(require("mongoose"));
 var passport_local_mongoose_1 = __importDefault(require("passport-local-mongoose"));
+var qs_1 = __importDefault(require("qs"));
 var supertest_1 = __importDefault(require("supertest"));
 var logger_1 = require("./logger");
+var openApiCompat_1 = require("./openApiCompat");
 var plugins_1 = require("./plugins");
 var userSchema = new mongoose_1.Schema({
     admin: { default: false, description: "Whether the user has admin privileges", type: Boolean },
@@ -189,7 +191,14 @@ var requiredSchema = new mongoose_1.Schema({
 exports.RequiredModel = (0, mongoose_1.model)("Required", requiredSchema);
 function getBaseServer() {
     var app = (0, express_1.default)();
-    app.all("/*", function (req, res, next) {
+    app.set("query parser", function (str) { return qs_1.default.parse(str, { arrayLimit: 200 }); });
+    // Express 5 defaults to 'simple' query parser (Node querystring) which doesn't
+    // support nested bracket notation like name[$regex]=Green. Use qs to match
+    // what setupServer() configures.
+    app.set("query parser", function (str) { return qs_1.default.parse(str, { arrayLimit: 200 }); });
+    // Record mount paths on layers for Express 5 → OpenAPI compat
+    (0, openApiCompat_1.patchAppUse)(app);
+    app.use(function (req, res, next) {
         res.header("Access-Control-Allow-Origin", "*");
         res.header("Access-Control-Allow-Headers", "*");
         // intercepts OPTIONS method

package/package.json

@@ -14,13 +14,13 @@
     "axios": "^1.13.2",
     "cors": "^2.8.5",
     "cron": "^4.3.4",
-    "expo-server-sdk": "^3.14.0",
-    "express": "^4.21.2",
+    "expo-server-sdk": "^6.0.0",
+    "express": "^5.2.1",
     "generaterr": "^1.5.0",
     "jsonwebtoken": "^9.0.2",
     "lodash": "^4.17.23",
     "luxon": "^3.7.2",
-    "mongoose": "8.18.1",
+    "mongoose": "9.2.3",
     "mongoose-to-swagger": "^1.4.0",
     "ms": "^2.1.3",
     "on-finished": "^2.3.0",
@@ -37,28 +37,28 @@
   "description": "Styled after the Django & Django REST Framework, a batteries-include framework for building REST APIs with Node/Express/Mongoose.",
   "devDependencies": {
     "@biomejs/biome": "^2.3.6",
-    "@types/bcrypt": "^5.0.2",
+    "@types/bcrypt": "^6.0.0",
     "@types/bun": "^1.2.4",
     "@types/cors": "^2.8.17",
     "@types/cron": "^2.4.3",
-    "@types/express": "^4.17.21",
+    "@types/express": "^5.0.6",
     "@types/jsonwebtoken": "^9.0.9",
     "@types/lodash": "^4.17.15",
     "@types/mongodb": "^4.0.7",
-    "@types/node": "^22.13.5",
+    "@types/node": "^25.3.0",
     "@types/on-finished": "^2.3.4",
     "@types/passport": "^1.0.17",
     "@types/passport-anonymous": "^1.0.5",
     "@types/passport-github2": "^1.2.9",
     "@types/passport-jwt": "^4.0.1",
     "@types/passport-local": "^1.0.38",
-    "@types/sinon": "^17.0.4",
+    "@types/sinon": "^21.0.0",
     "@types/supertest": "^6.0.2",
     "mongodb-memory-server": "^11.0.1",
-    "sinon": "^19.0.2",
+    "sinon": "^21.0.1",
     "supertest": "^7.0.0",
-    "typedoc": "~0.27.9",
-    "typescript": "5.8.2"
+    "typedoc": "~0.28.17",
+    "typescript": "5.9.3"
   },
   "homepage": "https://github.com/FlourishHealth/terreno#readme",
   "keywords": [
@@ -71,7 +71,7 @@
   "main": "dist/index.js",
   "name": "@terreno/api",
   "peerDependencies": {
-    "mongoose": "^8.0.0"
+    "mongoose": "^9.0.0"
   },
   "repository": {
     "type": "git",
@@ -88,10 +88,10 @@
     "lint": "biome check ./src",
     "lint:fix": "biome check --write ./src",
     "lint:unsafefix": "biome check --fix --unsafe ./src",
-    "test": "bun test --preload ./src/tests/bunSetup.ts",
+    "test": "bun test --preload ./src/tests/bunSetup.ts --update-snapshots",
     "test:ci": "bun test --preload ./src/tests/bunSetup.ts",
     "updateSnapshot": "bun test --update-snapshots"
   },
   "types": "dist/index.d.ts",
-  "version": "0.3.1"
+  "version": "0.4.2"
 }

package/src/api.ts

@@ -992,9 +992,12 @@ function _buildModelRouter<T>(model: Model<T>, options: ModelRouterOptions<T>):
       });
     }
 
+    const field = req.params.field as string;
+    const itemId = req.params.itemId as string;
+
     // We apply the operation *before* the hooks. As far as the callers are concerned, this should
     // be like PATCHing the field and replacing the whole thing.
-    if (operation !== "DELETE" && req.body[req.params.field] === undefined) {
+    if (operation !== "DELETE" && req.body[field] === undefined) {
       throw new APIError({
         status: 400,
         title: `Malformed body, array operations should have a single, top level key, got: ${Object.keys(
@@ -1003,28 +1006,26 @@ function _buildModelRouter<T>(model: Model<T>, options: ModelRouterOptions<T>):
       });
     }
 
-    const field = req.params.field;
-
     const array = [...doc[field]];
     if (operation === "POST") {
       array.push(req.body[field]);
     } else if (operation === "PATCH" || operation === "DELETE") {
       // Check for subschema vs String array:
       let index;
-      if (isValidObjectId(req.params.itemId)) {
-        index = array.findIndex((x: any) => x.id === req.params.itemId);
+      if (isValidObjectId(itemId)) {
+        index = array.findIndex((x: any) => x.id === itemId);
       } else {
-        index = array.findIndex((x: string) => x === req.params.itemId);
+        index = array.findIndex((x: string) => x === itemId);
       }
       if (index === -1) {
         throw new APIError({
           status: 404,
-          title: `Could not find ${field}/${req.params.itemId}`,
+          title: `Could not find ${field}/${itemId}`,
         });
       }
       // For PATCHing an item by ID, we need to merge the objects so we don't override the _id or
       // other parts of the subdocument.
-      if (operation === "PATCH" && isValidObjectId(req.params.itemId)) {
+      if (operation === "PATCH" && isValidObjectId(itemId)) {
         Object.assign(array[index], req.body[field]);
       } else if (operation === "PATCH") {
         // For PATCHing a string array, we can replace the whole object.

package/src/betterAuthSetup.ts

@@ -87,7 +87,7 @@ export const createBetterAuth = (options: CreateBetterAuthOptions): BetterAuthIn
     trustedOrigins: config.trustedOrigins ?? [],
   });
 
-  return auth;
+  return auth as any;
 };
 
 /**
@@ -205,7 +205,7 @@ export const mountBetterAuthRoutes = (
   const handler = toNodeHandler(auth);
 
   // Mount at the base path with wildcard
-  app.all(`${basePath}/*`, (req, res) => {
+  app.all(`${basePath}/*path`, (req, res) => {
     return handler(req, res);
   });