npm - chadstart - Versions diffs - 1.0.3 → 1.0.4 - Mend

chadstart 1.0.3 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/core/api-generator.js CHANGED Viewed

@@ -310,10 +310,10 @@ function _apiKeyPermGuard(operation, entity) {
   return (req, res, next) => {
     if (!req._apiKeyPermissions) return next();
     const { operations, entities: keyEntities } = req._apiKeyPermissions;
-    if (operations && operations.length > 0 && !operations.includes(operation)) {
+    if (operations?.length && !operations.includes(operation)) {
       return res.status(403).json({ error: 'API key does not have permission for this operation' });
     }
-    if (keyEntities && keyEntities.length > 0 && !keyEntities.includes(entity.slug)) {
+    if (keyEntities?.length && !keyEntities.includes(entity.slug)) {
       return res.status(403).json({ error: 'API key does not have access to this entity' });
     }
     next();

package/core/auth.js CHANGED Viewed

@@ -16,6 +16,7 @@ const crypto = require('crypto');
 const jwt = require('jsonwebtoken');
 const bcrypt = require('bcryptjs');
 const db = require('./db');
+const { q: _q, DB_ENGINE: _DB_ENGINE } = db;
 const logger = require('../utils/logger');
 const API_KEY_PREFIX = 'cs_';
@@ -29,10 +30,6 @@ const JWT_SECRET = process.env.JWT_SECRET || process.env.TOKEN_SECRET_KEY || (()
 const JWT_EXPIRES = process.env.JWT_EXPIRES || '7d';
 const BCRYPT_ROUNDS = 10;
-// Quote an identifier for the current database engine (mirrors db.js helper)
-const _DB_ENGINE = (process.env.DB_ENGINE || 'sqlite').toLowerCase();
-function _q(name) { return _DB_ENGINE === 'mysql' ? `\`${name}\`` : `"${name}"`; }
 // Column types for the API keys table (must be indexable in all engines)
 const _ID_T   = _DB_ENGINE === 'mysql' ? 'VARCHAR(36)'   : 'TEXT';
 const _HASH_T = _DB_ENGINE === 'mysql' ? 'VARCHAR(64)'   : 'TEXT';

package/core/db.js CHANGED Viewed

@@ -552,6 +552,7 @@ async function closeDb() {
 }
 module.exports = {
+  DB_ENGINE, q, sqlType, idColType, authStrType, toPgPlaceholders,
   initDb, syncSchema, getDb, generateUUID, closeDb,
   exec, queryAll, queryOne, queryRun,
   findAll, findAllSimple, findById, create, update, remove,

package/core/file-storage.js CHANGED Viewed

@@ -4,6 +4,18 @@ const path = require('path');
 const fs = require('fs');
 const express = require('express');
 const logger = require('../utils/logger');
+const { sanitizeFilename } = require('./upload');
+// Lazy-load busboy (shared with upload.js)
+function getBusboy() {
+  try {
+    return require('busboy');
+  } catch {
+    throw new Error(
+      'busboy is required for file uploads. Install it with: npm install busboy'
+    );
+  }
+}
 /**
  * Register file storage routes for all buckets defined in core.files.
@@ -50,11 +62,7 @@ function registerFileRoutes(app, core) {
           file.resume();
           return;
         }
-        // Sanitize filename — strip directory traversal and disallow problematic characters
-        const safeName = path
-          .basename(filename)
-          .replace(/[^a-zA-Z0-9._-]/g, '_')
-          .replace(/^\.+/, '_');
+        const safeName = sanitizeFilename(filename);
         const dest = path.join(bucketPath, safeName);
         const writeStream = fs.createWriteStream(dest);
         file.pipe(writeStream);
@@ -84,14 +92,4 @@ function registerFileRoutes(app, core) {
   }
 }
-function getBusboy() {
-  try {
-    return require('busboy');
-  } catch {
-    throw new Error(
-      'busboy is required for file uploads. Install it with: npm install busboy'
-    );
-  }
-}
 module.exports = { registerFileRoutes };

package/core/migrations.js CHANGED Viewed

@@ -7,6 +7,7 @@ const YAML = require('yaml');
 const logger = require('../utils/logger');
 const { buildCore, toSnakeCase } = require('./entity-engine');
+const { DB_ENGINE, q, sqlType, idColType, authStrType } = require('./db');
 // ─── Git helpers ──────────────────────────────────────────────────────────────
@@ -46,58 +47,6 @@ function loadCurrentYaml(yamlPath) {
   return YAML.parse(fs.readFileSync(resolved, 'utf8'));
 }
-// ─── SQL generation helpers ───────────────────────────────────────────────────
-const DB_ENGINE = (process.env.DB_ENGINE || 'sqlite').toLowerCase();
-const SQL_TYPE_SQLITE = {
-  text: 'TEXT', string: 'TEXT', richText: 'TEXT',
-  integer: 'INTEGER', int: 'INTEGER',
-  number: 'REAL', float: 'REAL', real: 'REAL', money: 'REAL',
-  boolean: 'INTEGER', bool: 'INTEGER',
-  date: 'TEXT', timestamp: 'TEXT', email: 'TEXT', link: 'TEXT',
-  password: 'TEXT', choice: 'TEXT', location: 'TEXT',
-  file: 'TEXT', image: 'TEXT', group: 'TEXT', json: 'TEXT',
-};
-const SQL_TYPE_PG = {
-  text: 'TEXT', string: 'TEXT', richText: 'TEXT',
-  integer: 'INTEGER', int: 'INTEGER',
-  number: 'NUMERIC', float: 'NUMERIC', real: 'NUMERIC', money: 'NUMERIC',
-  boolean: 'BOOLEAN', bool: 'BOOLEAN',
-  date: 'TEXT', timestamp: 'TEXT', email: 'TEXT', link: 'TEXT',
-  password: 'TEXT', choice: 'TEXT', location: 'TEXT',
-  file: 'TEXT', image: 'TEXT', group: 'TEXT', json: 'TEXT',
-};
-const SQL_TYPE_MYSQL = {
-  text: 'TEXT', string: 'TEXT', richText: 'TEXT',
-  integer: 'INT', int: 'INT',
-  number: 'DECIMAL(15,4)', float: 'DECIMAL(15,4)', real: 'DECIMAL(15,4)', money: 'DECIMAL(15,4)',
-  boolean: 'TINYINT(1)', bool: 'TINYINT(1)',
-  date: 'TEXT', timestamp: 'TEXT', email: 'TEXT', link: 'TEXT',
-  password: 'TEXT', choice: 'TEXT', location: 'TEXT',
-  file: 'TEXT', image: 'TEXT', group: 'TEXT', json: 'TEXT',
-};
-function sqlType(type) {
-  if (DB_ENGINE === 'postgres') return SQL_TYPE_PG[type] || 'TEXT';
-  if (DB_ENGINE === 'mysql') return SQL_TYPE_MYSQL[type] || 'TEXT';
-  return SQL_TYPE_SQLITE[type] || 'TEXT';
-}
-function idColType() {
-  return DB_ENGINE === 'mysql' ? 'VARCHAR(36)' : 'TEXT';
-}
-function authStrType() {
-  return DB_ENGINE === 'mysql' ? 'VARCHAR(191)' : 'TEXT';
-}
-function q(name) {
-  if (DB_ENGINE === 'mysql') return `\`${name}\``;
-  return `"${name}"`;
-}
 // ─── Diff engine ──────────────────────────────────────────────────────────────

package/core/oauth.js CHANGED Viewed

@@ -15,7 +15,7 @@
 const crypto = require('crypto');
 const Grant = require('grant').express();
 const rateLimit = require('express-rate-limit');
-const { signToken } = require('./auth');
+const { signToken, omitPassword } = require('./auth');
 const db = require('./db');
 const logger = require('../utils/logger');
@@ -195,7 +195,7 @@ function registerOAuthRoutes(app, core, emit) {
         return res.redirect(`${successRedirect}${sep}token=${encodeURIComponent(token)}`);
       }
-      res.json({ token, user: _omitSensitive(user) });
+      res.json({ token, user: omitPassword(user) });
     } catch (e) {
       logger.error('OAuth callback error:', e.message);
       return _handleError(res, oauthConfig, e.message);
@@ -245,12 +245,6 @@ async function _findOrCreateOAuthUser(entity, { email, name, provider, providerI
   return created;
 }
-function _omitSensitive(user) {
-  if (!user) return null;
-  const { password: _, ...rest } = user;
-  return rest;
-}
 function _handleError(res, oauthConfig, message) {
   const errorRedirect = oauthConfig.errorRedirect;
   if (errorRedirect) {

package/core/seeder.js CHANGED Viewed

@@ -44,7 +44,7 @@ function fakeValueForProp(prop, idx, groups = {}) {
   const { name, type, options } = prop;
   const n = idx + 1;
-  if (options && Array.isArray(options) && options.length > 0) {
+  if (Array.isArray(options) && options.length) {
     return options[randomInt(0, options.length - 1)];
   }
@@ -184,7 +184,7 @@ async function seedAll(core) {
       for (const rel of entity.belongsTo || []) {
         const parentName = typeof rel === 'string' ? rel : (rel.entity || rel.name);
         const parentEntity = core.entities[parentName];
-        if (parentEntity && seededIds[parentName] && seededIds[parentName].length > 0) {
+        if (parentEntity && seededIds[parentName]?.length) {
           const fk = `${parentEntity.tableName}_id`;
           const parentIds = seededIds[parentName];
           record[fk] = parentIds[randomInt(0, parentIds.length - 1)];

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "chadstart",
-  "version": "1.0.3",
+  "version": "1.0.4",
   "description": "YAML-first Backend as a Service — define your entire backend in one YAML file",
   "main": "server/express-server.js",
   "bin": {