db-model-router 1.0.5 → 1.0.7

package/src/cli/saas/generate-saas-models.js

@@ -0,0 +1,211 @@
+"use strict";
+
+/**
+ * SaaS model generator.
+ *
+ * Generates model files for all SaaS tables following the existing
+ * `generateModelFile` pattern with `model(db, table, structure, pk, unique, option)`.
+ * Models are adapter-agnostic (validation rules, not SQL types).
+ */
+
+// ---------------------------------------------------------------------------
+// Model Definitions
+// ---------------------------------------------------------------------------
+
+/**
+ * SaaS model definitions in the format expected by the model system.
+ * Each entry defines: table name, structure (validation rules), primary key,
+ * unique constraints, and option (timestamp columns).
+ */
+const MODEL_DEFINITIONS = [
+  {
+    table: "tenants",
+    structure: {
+      name: "required|string",
+      slug: "required|string",
+      attributes: "object",
+    },
+    primary_key: "tenant_id",
+    unique: ["slug"],
+    option: { created_at: "created_at", modified_at: "modified_at" },
+  },
+  {
+    table: "roles",
+    structure: {
+      tenant_id: "integer",
+      name: "required|string",
+    },
+    primary_key: "role_id",
+    unique: ["tenant_id", "name"],
+    option: { created_at: "created_at", modified_at: "modified_at" },
+  },
+  {
+    table: "users",
+    structure: {
+      email: "required|string",
+      phone: "string",
+      password_hash: "required|string",
+      name: "required|string",
+      unique_attribute: "required|string",
+      tenant_id: "integer",
+      role_id: "required|integer",
+      attributes: "object",
+    },
+    primary_key: "user_id",
+    unique: ["tenant_id", "unique_attribute"],
+    option: { created_at: "created_at", modified_at: "modified_at" },
+  },
+  {
+    table: "role_permissions",
+    structure: {
+      role_id: "required|integer",
+      permission: "required|object",
+    },
+    primary_key: "role_permission_id",
+    unique: ["role_permission_id"],
+    option: { created_at: "created_at", modified_at: "modified_at" },
+  },
+  {
+    table: "webhooks",
+    structure: {
+      tenant_id: "required|integer",
+      url: "required|string",
+      key: "required|string",
+      secret: "required|string",
+    },
+    primary_key: "webhook_id",
+    unique: ["webhook_id"],
+    option: { created_at: "created_at", modified_at: "modified_at" },
+  },
+  {
+    table: "webhook_logs",
+    structure: {
+      webhook_id: "required|integer",
+      tenant_id: "required|integer",
+      event_type: "required|string",
+      payload: "required|object",
+      status: "required|string",
+      response_body: "string",
+      response_status_code: "integer",
+    },
+    primary_key: "webhook_log_id",
+    unique: ["webhook_log_id"],
+    option: { created_at: "created_at" },
+  },
+];
+
+// ---------------------------------------------------------------------------
+// Code Generation
+// ---------------------------------------------------------------------------
+
+/**
+ * Generate the content of a single model file following the existing pattern.
+ *
+ * @param {object} def - Model definition object
+ * @returns {string} Generated model file content
+ */
+function generateModelContent(def) {
+  const varName = def.table;
+  const structStr = JSON.stringify(def.structure, null, 4);
+  const uniqueStr = JSON.stringify(def.unique);
+
+  const optionParts = [];
+  if (def.option.created_at)
+    optionParts.push(`created_at: "${def.option.created_at}"`);
+  if (def.option.modified_at)
+    optionParts.push(`modified_at: "${def.option.modified_at}"`);
+  const optionStr = `{ ${optionParts.join(", ")} }`;
+
+  return `import dbModelRouter from "db-model-router";
+
+const { db, model } = dbModelRouter;
+
+const ${varName} = model(
+  db,
+  "${def.table}",
+  ${structStr},
+  "${def.primary_key}",
+  ${uniqueStr},
+  ${optionStr},
+);
+
+export default ${varName};
+`;
+}
+
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+
+/**
+ * Generate model files for all SaaS tables.
+ *
+ * @param {string} adapter - Database adapter name (accepted for API consistency, not used for model content)
+ * @param {string[]} [additionalTables] - Additional table names from dbmr schema to include in models/index.js
+ * @returns {Array<{ relPath: string, content: string }>}
+ */
+function generateSaasModels(adapter, additionalTables) {
+  const results = [];
+
+  for (const def of MODEL_DEFINITIONS) {
+    results.push({
+      relPath: `models/${def.table}.js`,
+      content: generateModelContent(def),
+    });
+  }
+
+  // Generate models/index.js that re-exports all models (SaaS + dbmr) as named exports
+  results.push({
+    relPath: "models/index.js",
+    content: generateModelsIndex(additionalTables || []),
+  });
+
+  return results;
+}
+
+/**
+ * Generate the models/index.js barrel file.
+ * Imports all SaaS models and any additional dbmr schema models,
+ * then re-exports them all as named exports.
+ *
+ * @param {string[]} additionalTables - Additional table names from dbmr schema
+ * @returns {string}
+ */
+function generateModelsIndex(additionalTables) {
+  const saasTableNames = MODEL_DEFINITIONS.map((def) => def.table);
+  // Filter out dbmr tables that overlap with SaaS tables
+  const dbmrTables = (additionalTables || []).filter(
+    (t) => !saasTableNames.includes(t),
+  );
+
+  let code = "";
+  // SaaS model imports
+  for (const def of MODEL_DEFINITIONS) {
+    code += `import ${def.table} from "./${def.table}.js";\n`;
+  }
+  // dbmr schema model imports
+  for (const table of dbmrTables) {
+    code += `import ${safeVarName(table)} from "./${table}.js";\n`;
+  }
+
+  code += "\nexport {\n";
+  for (const def of MODEL_DEFINITIONS) {
+    code += `  ${def.table},\n`;
+  }
+  for (const table of dbmrTables) {
+    code += `  ${safeVarName(table)},\n`;
+  }
+  code += "};\n";
+  return code;
+}
+
+function safeVarName(name) {
+  if (/^[a-zA-Z_$][a-zA-Z0-9_$]*$/.test(name)) return name;
+  return name.replace(/[^a-zA-Z0-9_$]/g, "_");
+}
+
+module.exports = {
+  generateSaasModels,
+  generateModelContent,
+  MODEL_DEFINITIONS,
+};

package/src/cli/saas/generate-saas-openapi.js

@@ -0,0 +1,419 @@
+"use strict";
+
+/**
+ * SaaS OpenAPI spec generator.
+ *
+ * Generates OpenAPI 3.0 paths and schemas for the SaaS-specific routes:
+ * - Auth routes (login, logout)
+ * - CRUD routes for users, tenants, roles with middleware annotations
+ * - Nested role_permissions routes
+ *
+ * This is merged into the main openapi.json alongside schema-generated paths.
+ */
+
+const { MODEL_DEFINITIONS } = require("./generate-saas-models");
+
+/**
+ * Generate the SaaS portion of the OpenAPI spec.
+ * Returns paths and schemas to be merged into the main spec.
+ *
+ * @returns {{ paths: object, schemas: object, securitySchemes: object }}
+ */
+function generateSaasOpenAPIPaths() {
+  const paths = {};
+  const schemas = {};
+
+  // --- Security scheme ---
+  const securitySchemes = {
+    sessionAuth: {
+      type: "apiKey",
+      in: "cookie",
+      name: "connect.sid",
+      description: "Session cookie authentication",
+    },
+  };
+
+  const security = [{ sessionAuth: [] }];
+
+  // --- Auth routes ---
+  paths["/api/auth/login"] = {
+    post: {
+      tags: ["auth"],
+      summary: "Login and create session",
+      description:
+        "Authenticate with email and password. On success, populates session with user, role, and permissions.",
+      requestBody: {
+        required: true,
+        content: {
+          "application/json": {
+            schema: {
+              type: "object",
+              required: ["email", "password"],
+              properties: {
+                email: {
+                  type: "string",
+                  format: "email",
+                  description: "User email address",
+                },
+                password: { type: "string", description: "User password" },
+              },
+            },
+          },
+        },
+      },
+      responses: {
+        200: {
+          description: "Login successful",
+          content: {
+            "application/json": {
+              schema: {
+                type: "object",
+                properties: {
+                  message: { type: "string", example: "Login successful" },
+                  user: {
+                    type: "object",
+                    properties: {
+                      id: { type: "integer" },
+                      email: { type: "string" },
+                      name: { type: "string" },
+                    },
+                  },
+                },
+              },
+            },
+          },
+        },
+        401: { description: "Invalid credentials" },
+        500: { description: "Internal server error" },
+      },
+    },
+  };
+
+  paths["/api/auth/logout"] = {
+    post: {
+      tags: ["auth"],
+      summary: "Logout and destroy session",
+      description: "Destroys the current session. Requires authentication.",
+      security,
+      responses: {
+        200: {
+          description: "Logout successful",
+          content: {
+            "application/json": {
+              schema: {
+                type: "object",
+                properties: {
+                  message: { type: "string", example: "Logout successful" },
+                },
+              },
+            },
+          },
+        },
+        401: { description: "Unauthorized - no valid session" },
+        500: { description: "Failed to destroy session" },
+      },
+    },
+  };
+
+  // --- SaaS CRUD routes ---
+  const crudTables = [
+    { table: "users", tag: "users", prefix: "/api/users", module: "users" },
+    {
+      table: "tenants",
+      tag: "tenants",
+      prefix: "/api/tenants",
+      module: "tenants",
+    },
+    { table: "roles", tag: "roles", prefix: "/api/roles", module: "roles" },
+  ];
+
+  for (const { table, tag, prefix, module } of crudTables) {
+    const modelDef = MODEL_DEFINITIONS.find((m) => m.table === table);
+    if (!modelDef) continue;
+
+    const pk = modelDef.primary_key;
+    const schemaName = capitalize(table);
+
+    // Build schema
+    const properties = {};
+    const required = [];
+    properties[pk] = { type: "integer", description: "Primary key" };
+    for (const [col, rule] of Object.entries(modelDef.structure)) {
+      const parsed = parseRule(rule);
+      properties[col] = { type: parsed.type };
+      if (parsed.required) required.push(col);
+    }
+    schemas[schemaName] = {
+      type: "object",
+      properties,
+      ...(required.length > 0 ? { required } : {}),
+    };
+
+    const ref = { $ref: `#/components/schemas/${schemaName}` };
+
+    // GET / - List
+    paths[`${prefix}/`] = {
+      get: {
+        tags: [tag],
+        summary: `List ${table}`,
+        description: `List all ${table}. Requires authentication, tenant isolation, and ${module}:read permission.`,
+        security,
+        parameters: [
+          {
+            name: "page",
+            in: "query",
+            schema: { type: "integer", default: 0 },
+          },
+          {
+            name: "size",
+            in: "query",
+            schema: { type: "integer", default: 30 },
+          },
+        ],
+        responses: {
+          200: {
+            description: "Success",
+            content: {
+              "application/json": {
+                schema: {
+                  type: "object",
+                  properties: {
+                    data: { type: "array", items: ref },
+                    count: { type: "integer" },
+                  },
+                },
+              },
+            },
+          },
+          401: { description: "Unauthorized" },
+          403: { description: "Forbidden - insufficient permissions" },
+        },
+      },
+      post: {
+        tags: [tag],
+        summary: `Create ${table.replace(/s$/, "")}`,
+        description: `Create a new ${table.replace(/s$/, "")}. Requires authentication, tenant isolation, and ${module}:write permission.`,
+        security,
+        requestBody: {
+          required: true,
+          content: { "application/json": { schema: ref } },
+        },
+        responses: {
+          201: {
+            description: "Created",
+            content: { "application/json": { schema: ref } },
+          },
+          401: { description: "Unauthorized" },
+          403: { description: "Forbidden - insufficient permissions" },
+          500: { description: "Internal server error" },
+        },
+      },
+    };
+
+    // GET /:id, PUT /:id, DELETE /:id
+    paths[`${prefix}/{${pk}}`] = {
+      get: {
+        tags: [tag],
+        summary: `Get ${table.replace(/s$/, "")} by ID`,
+        description: `Get a single ${table.replace(/s$/, "")} by ${pk}. Requires ${module}:read permission.`,
+        security,
+        parameters: [
+          { name: pk, in: "path", required: true, schema: { type: "integer" } },
+        ],
+        responses: {
+          200: {
+            description: "Success",
+            content: { "application/json": { schema: ref } },
+          },
+          401: { description: "Unauthorized" },
+          403: { description: "Forbidden" },
+          404: { description: "Not found" },
+        },
+      },
+      put: {
+        tags: [tag],
+        summary: `Update ${table.replace(/s$/, "")}`,
+        description: `Update a ${table.replace(/s$/, "")} by ${pk}. Requires ${module}:update permission.`,
+        security,
+        parameters: [
+          { name: pk, in: "path", required: true, schema: { type: "integer" } },
+        ],
+        requestBody: {
+          required: true,
+          content: { "application/json": { schema: ref } },
+        },
+        responses: {
+          200: {
+            description: "Updated",
+            content: { "application/json": { schema: ref } },
+          },
+          401: { description: "Unauthorized" },
+          403: { description: "Forbidden" },
+          404: { description: "Not found" },
+        },
+      },
+      delete: {
+        tags: [tag],
+        summary: `Delete ${table.replace(/s$/, "")}`,
+        description: `Delete a ${table.replace(/s$/, "")} by ${pk}. Requires ${module}:delete permission.`,
+        security,
+        parameters: [
+          { name: pk, in: "path", required: true, schema: { type: "integer" } },
+        ],
+        responses: {
+          200: { description: "Deleted" },
+          401: { description: "Unauthorized" },
+          403: { description: "Forbidden" },
+          404: { description: "Not found" },
+        },
+      },
+    };
+  }
+
+  // --- Nested role_permissions routes ---
+  const rpDef = MODEL_DEFINITIONS.find((m) => m.table === "role_permissions");
+  if (rpDef) {
+    const rpPk = rpDef.primary_key;
+    const rpSchemaName = "RolePermission";
+    const rpProperties = {};
+    const rpRequired = [];
+    rpProperties[rpPk] = { type: "integer", description: "Primary key" };
+    for (const [col, rule] of Object.entries(rpDef.structure)) {
+      const parsed = parseRule(rule);
+      rpProperties[col] = { type: parsed.type };
+      if (parsed.required) rpRequired.push(col);
+    }
+    schemas[rpSchemaName] = {
+      type: "object",
+      properties: rpProperties,
+      ...(rpRequired.length > 0 ? { required: rpRequired } : {}),
+    };
+    const rpRef = { $ref: `#/components/schemas/${rpSchemaName}` };
+
+    const rpPrefix = "/api/roles/{role_id}/permissions";
+    const roleIdParam = {
+      name: "role_id",
+      in: "path",
+      required: true,
+      schema: { type: "integer" },
+      description: "Role ID",
+    };
+
+    paths[`${rpPrefix}/`] = {
+      get: {
+        tags: ["permissions"],
+        summary: "List permissions for a role",
+        description:
+          "List all permission entries for a specific role. Requires permissions:read.",
+        security,
+        parameters: [roleIdParam],
+        responses: {
+          200: {
+            description: "Success",
+            content: {
+              "application/json": {
+                schema: {
+                  type: "object",
+                  properties: { data: { type: "array", items: rpRef } },
+                },
+              },
+            },
+          },
+          401: { description: "Unauthorized" },
+          403: { description: "Forbidden" },
+        },
+      },
+      post: {
+        tags: ["permissions"],
+        summary: "Add permission to role",
+        description:
+          "Create a new permission entry for a role. Requires permissions:write.",
+        security,
+        parameters: [roleIdParam],
+        requestBody: {
+          required: true,
+          content: { "application/json": { schema: rpRef } },
+        },
+        responses: {
+          201: {
+            description: "Created",
+            content: { "application/json": { schema: rpRef } },
+          },
+          401: { description: "Unauthorized" },
+          403: { description: "Forbidden" },
+        },
+      },
+    };
+
+    paths[`${rpPrefix}/{${rpPk}}`] = {
+      put: {
+        tags: ["permissions"],
+        summary: "Update a role permission",
+        description: `Update a permission entry by ${rpPk}. Requires permissions:update.`,
+        security,
+        parameters: [
+          roleIdParam,
+          {
+            name: rpPk,
+            in: "path",
+            required: true,
+            schema: { type: "integer" },
+          },
+        ],
+        requestBody: {
+          required: true,
+          content: { "application/json": { schema: rpRef } },
+        },
+        responses: {
+          200: {
+            description: "Updated",
+            content: { "application/json": { schema: rpRef } },
+          },
+          401: { description: "Unauthorized" },
+          403: { description: "Forbidden" },
+        },
+      },
+      delete: {
+        tags: ["permissions"],
+        summary: "Delete a role permission",
+        description: `Delete a permission entry by ${rpPk}. Requires permissions:delete.`,
+        security,
+        parameters: [
+          roleIdParam,
+          {
+            name: rpPk,
+            in: "path",
+            required: true,
+            schema: { type: "integer" },
+          },
+        ],
+        responses: {
+          200: { description: "Deleted" },
+          401: { description: "Unauthorized" },
+          403: { description: "Forbidden" },
+        },
+      },
+    };
+  }
+
+  return { paths, schemas, securitySchemes };
+}
+
+function parseRule(rule) {
+  const parts = rule.split("|");
+  const isRequired = parts.includes("required");
+  let type = "string";
+  for (const p of parts) {
+    if (p === "integer") type = "integer";
+    else if (p === "numeric") type = "number";
+    else if (p === "object") type = "object";
+    else if (p === "string") type = "string";
+  }
+  return { type, required: isRequired };
+}
+
+function capitalize(str) {
+  return str.charAt(0).toUpperCase() + str.slice(1);
+}
+
+module.exports = { generateSaasOpenAPIPaths };