@vsaas/loopback 10.0.0

package/LICENSE

@@ -0,0 +1,25 @@
+Copyright (c) IBM Corp. 2013,2018. All Rights Reserved.
+Node module: loopback
+This project is licensed under the MIT License, full text below.
+
+--------
+
+MIT license
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

package/README.md

@@ -0,0 +1,91 @@
+# @vsaas/loopback
+
+`@vsaas/loopback` is a fork of `loopback` focused on keeping LoopBack 3 style applications running while reducing maintenance overhead.
+
+The goal of this fork is practical compatibility for the common upstream use cases, not byte-for-byte preservation of the original package. The internals were intentionally simplified and modernized:
+
+- TypeScript source with build output in `dist/`
+- English-only messages
+- no i18n catalogs or `strong-globalize`
+- no legacy browser bundling surface
+- public legacy subpaths preserved through `exports` even though the old root `.js` wrappers were removed
+- modern tooling with `tsdown`, `vitest`, and `oxlint`
+- callback-compatible APIs that continue to work with `Promise` and `async/await`
+
+## Installation
+
+```sh
+npm install @vsaas/loopback
+```
+
+If you are also using the related forks, pair it with `@vsaas/loopback-boot`, `@vsaas/loopback-datasource-juggler`, and `@vsaas/remoting`.
+
+## Quick start
+
+```js
+const loopback = require('@vsaas/loopback');
+
+const app = loopback();
+
+app.dataSource('db', {
+  connector: 'memory',
+});
+
+const Product = app.registry.createModel('Product', {
+  name: String,
+  price: Number,
+});
+
+app.model(Product, {
+  dataSource: 'db',
+  public: true,
+});
+
+app.use('/api', loopback.rest());
+app.listen(3000);
+```
+
+## Scope
+
+This package still provides the main building blocks existing `loopback` users expect:
+
+- the LoopBack application factory and Express integration
+- built-in models such as `User`, `AccessToken`, `ACL`, `Role`, and `Application`
+- registry, datasource, and model wiring on top of `@vsaas/loopback-datasource-juggler`
+- REST middleware and remoting integration used by LoopBack 3 applications
+- compatibility with `loopback-boot` application layouts and convention-based model loading
+
+If you are migrating an existing codebase, the intent is that the public API should feel familiar even though the implementation is leaner.
+
+## Supported Surface
+
+The supported application-facing surface intentionally includes:
+
+- the main entrypoint: `require('@vsaas/loopback')`
+- application creation via `loopback()`
+- middleware exports such as `loopback.rest()`, `loopback.static()`, `loopback.token()`, `loopback.status()`, `loopback.urlNotFound()`, and `loopback.favicon()`
+- built-in models, registry helpers, and datasource helpers exposed from the main module
+- package subpaths used by LoopBack 3 apps and boot scripts: `@vsaas/loopback/common/models/*.json`, `@vsaas/loopback/common/models/*.js`, `@vsaas/loopback/lib/*.js`, and `@vsaas/loopback/server/middleware/*.js`
+
+Those legacy-looking `.js` subpaths are still supported for compatibility, but they now resolve to compiled files in `dist/` via `package.json` exports.
+
+## Notes for Fork Users
+
+- This is a maintained fork, not the upstream package.
+- Messages are English-only by design.
+- The old root runtime wrappers were removed as implementation details, but supported package entrypoints remain exported.
+- Browser-specific packaging from upstream is not part of the maintained surface.
+- The test entrypoint is `vitest`, while the large legacy suite still runs underneath for compatibility.
+
+## Development
+
+```bash
+npm run build
+npm run typecheck
+npm run lint
+npm test
+```
+
+## License
+
+MIT. See [LICENSE](./LICENSE).

package/common/models/README.md

@@ -0,0 +1,109 @@
+# Application
+
+Application model represents the metadata for a client application that has its
+own identity and associated configuration with the LoopBack server.
+
+## Each application has the following basic properties:
+
+- id: Automatically generated id
+- name: Name of the application (required)
+- description: Description of the application (optional)
+- icon: URL of the icon
+- status: Status of the application, such as production/sandbox/disabled
+- created: Timestamp of the record being created
+- modified: Timestamp of the record being modified
+
+## An application has the following properties linking to users:
+
+- owner: The user id of the developer who registers the application
+- collaborators: A array of users ids who have permissions to work on this app
+
+## oAuth 2.0 settings
+
+- url: The application url
+- callbackUrls: An array of preregistered callback urls for oAuth 2.0
+- permissions: An array of oAuth 2.0 scopes that can be requested by the application
+
+## Security keys
+
+The following keys are automatically generated by the application creation
+process. They can be reset upon request.
+
+- clientKey: Secret for mobile clients
+- javaScriptKey: Secret for JavaScript clients
+- restApiKey: Secret for REST APIs
+- windowsKey: Secret for Windows applications
+- masterKey: Secret for REST APIS. It bypasses model level permissions
+
+## Push notification settings
+
+The application can be configured to support multiple methods of push notifications.
+
+- pushSettings
+
+  pushSettings: {
+  apns: {
+  certData: config.apnsCertData,
+  keyData: config.apnsKeyData,
+  production: false, // Development mode
+  pushOptions: {
+  // Extra options can go here for APN
+  },
+  feedbackOptions: {
+  batchFeedback: true,
+  interval: 300
+  }
+  },
+  gcm: {
+  serverApiKey: config.gcmServerApiKey
+  }
+  }
+
+## Authentication schemes
+
+- authenticationEnabled
+- anonymousAllowed
+- authenticationSchemes
+
+### Authentication scheme settings
+
+- scheme: Name of the authentication scheme, such as local, facebook, google,
+  twitter, linkedin, github
+- credential: Scheme-specific credentials
+
+## APIs for Application model
+
+In addition to the CRUD methods, the Application model also has the following
+apis:
+
+### Register a new application
+
+You can register a new application by providing the owner user id, application
+name, and other properties in the options object.
+
+    Application.register('rfeng', 'MyApp1',
+        {description: 'My first loopback application'},
+        function (err, result) {
+            var app = result;
+        ...
+    });
+
+### Reset keys
+
+You can reset keys for a given application by id.
+
+    Application.resetKeys(appId, function (err, result) {
+        var app = result;
+        ...
+    });
+
+### Authenticate by appId and key
+
+You can authenticate an application by id and one of the keys. If successful,
+it calls back with the key name in the result argument. Otherwise, the
+keyName is null.
+
+    Application.authenticate(appId, clientKey, function (err, keyName) {
+            assert.equal(keyName, 'clientKey');
+            ...
+    });

package/common/models/access-token.json

@@ -0,0 +1,37 @@
+{
+  "name": "AccessToken",
+  "properties": {
+    "id": {
+      "type": "string",
+      "id": true
+    },
+    "ttl": {
+      "type": "number",
+      "ttl": true,
+      "default": 1209600,
+      "description": "time to live in seconds (2 weeks by default)"
+    },
+    "scopes": {
+      "type": ["string"],
+      "description": "Array of scopes granted to this access token."
+    },
+    "created": {
+      "type": "Date",
+      "defaultFn": "now"
+    }
+  },
+  "relations": {
+    "user": {
+      "type": "belongsTo",
+      "model": "User",
+      "foreignKey": "userId"
+    }
+  },
+  "acls": [
+    {
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "DENY"
+    }
+  ]
+}

package/common/models/acl.json

@@ -0,0 +1,17 @@
+{
+  "name": "ACL",
+  "properties": {
+    "model": {
+      "type": "string",
+      "description": "The name of the model"
+    },
+    "property": {
+      "type": "string",
+      "description": "The name of the property, method, scope, or relation"
+    },
+    "accessType": "string",
+    "permission": "string",
+    "principalType": "string",
+    "principalId": "string"
+  }
+}

package/common/models/application.json

@@ -0,0 +1,130 @@
+{
+  "name": "Application",
+  "properties": {
+    "id": {
+      "type": "string",
+      "id": true
+    },
+    "realm": {
+      "type": "string"
+    },
+    "name": {
+      "type": "string",
+      "required": true
+    },
+    "description": "string",
+    "icon": {
+      "type": "string",
+      "description": "The icon image url"
+    },
+
+    "owner": {
+      "type": "string",
+      "description": "The user id of the developer who registers the application"
+    },
+    "collaborators": {
+      "type": ["string"],
+      "description": "A list of users ids who have permissions to work on this app"
+    },
+
+    "email": "string",
+    "emailVerified": "boolean",
+
+    "url": {
+      "type": "string",
+      "description": "The application URL for OAuth 2.0"
+    },
+    "callbackUrls": {
+      "type": ["string"],
+      "description": "OAuth 2.0 code/token callback URLs"
+    },
+    "permissions": {
+      "type": ["string"],
+      "description": "A list of permissions required by the application"
+    },
+
+    "clientKey": "string",
+    "javaScriptKey": "string",
+    "restApiKey": "string",
+    "windowsKey": "string",
+    "masterKey": "string",
+
+    "pushSettings": {
+      "apns": {
+        "production": {
+          "type": "boolean",
+          "description": [
+            "Production or development mode. It denotes what default APNS",
+            "servers to be used to send notifications.",
+            "See API documentation for more details."
+          ]
+        },
+
+        "certData": {
+          "type": "string",
+          "description": "The certificate data loaded from the cert.pem file"
+        },
+        "keyData": {
+          "type": "string",
+          "description": "The key data loaded from the key.pem file"
+        },
+
+        "pushOptions": {
+          "type": {
+            "gateway": "string",
+            "port": "number"
+          }
+        },
+
+        "feedbackOptions": {
+          "type": {
+            "gateway": "string",
+            "port": "number",
+            "batchFeedback": "boolean",
+            "interval": "number"
+          }
+        }
+      },
+
+      "gcm": {
+        "serverApiKey": "string"
+      }
+    },
+
+    "authenticationEnabled": {
+      "type": "boolean",
+      "default": true
+    },
+    "anonymousAllowed": {
+      "type": "boolean",
+      "default": true
+    },
+    "authenticationSchemes": [
+      {
+        "scheme": {
+          "type": "string",
+          "description": "See the API docs for the list of supported values."
+        },
+        "credential": {
+          "type": "object",
+          "description": "Scheme-specific credentials"
+        }
+      }
+    ],
+
+    "status": {
+      "type": "string",
+      "default": "sandbox",
+      "description": "Status of the application, production/sandbox/disabled"
+    },
+
+    "created": {
+      "type": "date",
+      "defaultFn": "now"
+    },
+    "modified": {
+      "type": "date",
+      "defaultFn": "now"
+    }
+  }
+}

package/common/models/change.json

@@ -0,0 +1,25 @@
+{
+  "name": "Change",
+  "trackChanges": false,
+  "properties": {
+    "id": {
+      "type": "string",
+      "id": true
+    },
+    "rev": {
+      "type": "string"
+    },
+    "prev": {
+      "type": "string"
+    },
+    "checkpoint": {
+      "type": "number"
+    },
+    "modelName": {
+      "type": "string"
+    },
+    "modelId": {
+      "type": "string"
+    }
+  }
+}

package/common/models/checkpoint.json

@@ -0,0 +1,14 @@
+{
+  "name": "Checkpoint",
+  "properties": {
+    "seq": {
+      "type": "number"
+    },
+    "time": {
+      "type": "date"
+    },
+    "sourceId": {
+      "type": "string"
+    }
+  }
+}

package/common/models/email.json

@@ -0,0 +1,11 @@
+{
+  "name": "Email",
+  "base": "Model",
+  "properties": {
+    "to": { "type": "String", "required": true },
+    "from": { "type": "String", "required": true },
+    "subject": { "type": "String", "required": true },
+    "text": { "type": "String" },
+    "html": { "type": "String" }
+  }
+}

package/common/models/key-value-model.json

@@ -0,0 +1,4 @@
+{
+  "name": "KeyValueModel",
+  "base": "Model"
+}

package/common/models/role-mapping.json

@@ -0,0 +1,26 @@
+{
+  "name": "RoleMapping",
+  "description": "Map principals to roles",
+  "properties": {
+    "id": {
+      "type": "string",
+      "id": true,
+      "generated": true
+    },
+    "principalType": {
+      "type": "string",
+      "description": "The principal type, such as USER, APPLICATION, ROLE, or user model name in case of multiple user models"
+    },
+    "principalId": {
+      "type": "string",
+      "index": true
+    }
+  },
+  "relations": {
+    "role": {
+      "type": "belongsTo",
+      "model": "Role",
+      "foreignKey": "roleId"
+    }
+  }
+}

package/common/models/role.json

@@ -0,0 +1,30 @@
+{
+  "name": "Role",
+  "properties": {
+    "id": {
+      "type": "string",
+      "id": true,
+      "generated": true
+    },
+    "name": {
+      "type": "string",
+      "required": true
+    },
+    "description": "string",
+    "created": {
+      "type": "date",
+      "defaultFn": "now"
+    },
+    "modified": {
+      "type": "date",
+      "defaultFn": "now"
+    }
+  },
+  "relations": {
+    "principals": {
+      "type": "hasMany",
+      "model": "RoleMapping",
+      "foreignKey": "roleId"
+    }
+  }
+}

package/common/models/scope.json

@@ -0,0 +1,14 @@
+{
+  "name": "Scope",
+  "description": [
+    "Schema for Scope which represents the permissions that are granted",
+    "to client applications by the resource owner"
+  ],
+  "properties": {
+    "name": {
+      "type": "string",
+      "required": true
+    },
+    "description": "string"
+  }
+}

package/common/models/user.json

@@ -0,0 +1,118 @@
+{
+  "name": "User",
+  "properties": {
+    "realm": {
+      "type": "string"
+    },
+    "username": {
+      "type": "string"
+    },
+    "password": {
+      "type": "string",
+      "required": true
+    },
+    "email": {
+      "type": "string",
+      "required": true
+    },
+    "emailVerified": "boolean",
+    "verificationToken": "string"
+  },
+  "options": {
+    "caseSensitiveEmail": true
+  },
+  "hidden": ["password", "verificationToken"],
+  "acls": [
+    {
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "DENY"
+    },
+    {
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "ALLOW",
+      "property": "create"
+    },
+    {
+      "principalType": "ROLE",
+      "principalId": "$owner",
+      "permission": "ALLOW",
+      "property": "deleteById"
+    },
+    {
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "ALLOW",
+      "property": "login"
+    },
+    {
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "ALLOW",
+      "property": "logout"
+    },
+    {
+      "principalType": "ROLE",
+      "principalId": "$owner",
+      "permission": "ALLOW",
+      "property": "findById"
+    },
+    {
+      "principalType": "ROLE",
+      "principalId": "$owner",
+      "permission": "ALLOW",
+      "property": "patchAttributes"
+    },
+    {
+      "principalType": "ROLE",
+      "principalId": "$owner",
+      "permission": "ALLOW",
+      "property": "replaceById"
+    },
+    {
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "ALLOW",
+      "property": "verify",
+      "accessType": "EXECUTE"
+    },
+    {
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "ALLOW",
+      "property": "confirm"
+    },
+    {
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "ALLOW",
+      "property": "resetPassword",
+      "accessType": "EXECUTE"
+    },
+    {
+      "principalType": "ROLE",
+      "principalId": "$authenticated",
+      "permission": "ALLOW",
+      "property": "changePassword",
+      "accessType": "EXECUTE"
+    },
+    {
+      "principalType": "ROLE",
+      "principalId": "$authenticated",
+      "permission": "ALLOW",
+      "property": "setPassword",
+      "accessType": "EXECUTE"
+    }
+  ],
+  "relations": {
+    "accessTokens": {
+      "type": "hasMany",
+      "model": "AccessToken",
+      "foreignKey": "userId",
+      "options": {
+        "disableInclude": true
+      }
+    }
+  }
+}