db-model-router 1.0.6 → 1.0.8

package/src/cli/generate-route.js

@@ -26,17 +26,63 @@ function safeVarName(name) {
 function generateRouteFile(tableName, modelsRelPath) {
   const varName = safeVarName(tableName);
   return `import dbModelRouter from "db-model-router";
-import ${varName} from "${modelsRelPath}/${tableName}.js";
+import express from "express";
+import { ${varName} } from "#models";
+
+const router = express.Router({ mergeParams: true });
+const { route } = dbModelRouter;
+
+router.use("/", route(${varName}));
+
+export default router;
+`;
+}
+
+/**
+ * Generate a parent route file that includes its own CRUD and mounts child routes.
+ * e.g., routes/orders/index.js mounts order_items under /:order_id/items
+ *
+ * @param {string} tableName - Parent table name
+ * @param {Array<{child, foreignKey}>} children - Child relationships for this parent
+ * @returns {string}
+ */
+function generateParentRouteFile(tableName, children) {
+  const varName = safeVarName(tableName);
+  let code = `import dbModelRouter from "db-model-router";
+import express from "express";
+import { ${varName} } from "#models";
+`;
+
+  // Import child routes
+  for (const child of children) {
+    const childVar = safeVarName(child.child);
+    code += `import ${childVar}Route from "./${child.child}/index.js";\n`;
+  }
 
+  code += `
+const router = express.Router({ mergeParams: true });
 const { route } = dbModelRouter;
 
-export default route(${varName});
 `;
+
+  // Mount child routes BEFORE own CRUD to prevent path clashing
+  for (const child of children) {
+    const childVar = safeVarName(child.child);
+    code += `router.use("/:${child.foreignKey}/${child.child}", ${childVar}Route);\n`;
+  }
+
+  code += `
+// CRUD routes for ${tableName}
+router.use("/", route(${varName}));
+
+export default router;
+`;
+  return code;
 }
 
 /**
  * Generate a child route file that scopes queries by parent FK.
- * e.g., posts/:post_id/comments — filters comments where post_id = :post_id
+ * e.g., routes/orders/items/index.js — filters items where order_id = :order_id
  */
 function generateChildRouteFile(
   childTable,
@@ -46,12 +92,16 @@ function generateChildRouteFile(
 ) {
   const varName = safeVarName(childTable);
   return `import dbModelRouter from "db-model-router";
-import ${varName} from "${modelsRelPath}/${childTable}.js";
+import express from "express";
+import { ${varName} } from "#models";
 
+const router = express.Router({ mergeParams: true });
 const { route } = dbModelRouter;
 
 // Child route: scoped by parent ${parentTable} via ${fkColumn}
-export default route(${varName}, { ${fkColumn}: "params.${fkColumn}" });
+router.use("/", route(${varName}, { ${fkColumn}: "params.${fkColumn}" }));
+
+export default router;
 `;
 }
 
@@ -67,7 +117,7 @@ export default route(${varName}, { ${fkColumn}: "params.${fkColumn}" });
  * @param {{ includeDocs?: boolean }} [options]
  */
 function generateRoutesIndexFile(tableNames, relationships = [], options = {}) {
-  let imports = `import express from "express";\n\nconst router = express.Router();\n\n`;
+  let imports = `import express from "express";\n\nconst router = express.Router({ mergeParams: true });\n\n`;
 
   // Collect child tables that are nested under parents
   const nestedChildren = new Set();
@@ -75,17 +125,11 @@ function generateRoutesIndexFile(tableNames, relationships = [], options = {}) {
     nestedChildren.add(rel.child);
   }
 
-  // Import top-level routes only (not children)
+  // Import top-level routes only (children are mounted inside parent folders)
   for (const table of tableNames) {
     if (nestedChildren.has(table)) continue;
     const varName = safeVarName(table);
-    imports += `import ${varName}Route from "./${table}.js";\n`;
-  }
-
-  // Import child routes from subfolders
-  for (const rel of relationships) {
-    const varName = safeVarName(rel.child);
-    imports += `import ${varName}ChildRoute from "./${rel.parent}/${rel.child}.js";\n`;
+    imports += `import ${varName}Route from "./${table}/index.js";\n`;
   }
 
   // Import docs route if openapi is generated
@@ -100,13 +144,7 @@ function generateRoutesIndexFile(tableNames, relationships = [], options = {}) {
     imports += `router.use("/docs", docsRoute);\n`;
   }
 
-  // Mount child routes BEFORE parent routes to prevent path clashing
-  for (const rel of relationships) {
-    const childVar = safeVarName(rel.child);
-    imports += `router.use("/${rel.parent}/:${rel.foreignKey}/${rel.child}", ${childVar}ChildRoute);\n`;
-  }
-
-  // Mount top-level routes
+  // Mount top-level routes (children are already mounted inside their parent's index.js)
   for (const table of tableNames) {
     if (nestedChildren.has(table)) continue;
     const varName = safeVarName(table);
@@ -133,13 +171,13 @@ function generateTestFile(tableName, pk) {
   return `import assert from "assert";
 import express from "express";
 import request from "supertest";
+import "dotenv/config";
+import "#commons/db.js";
 import dbModelRouter from "db-model-router";
+import { ${varName} } from "#models";
 
 const { route } = dbModelRouter;
 
-// Adjust the path to your model file as needed
-import ${varName} from "../models/${tableName}.js";
-
 function createApp() {
   const app = express();
   app.use(express.json());
@@ -167,7 +205,7 @@ describe("${tableName} routes", function () {
       const res = await request(app)
         .post("/${tableName}/add")
         .send({});
-      assert.ok([200, 201, 400].includes(res.status));
+      assert.ok([200, 201, 400, 422, 500].includes(res.status));
     });
   });
 
@@ -176,7 +214,7 @@ describe("${tableName} routes", function () {
       const res = await request(app)
         .post("/${tableName}/")
         .send({ data: [] });
-      assert.ok([200, 201, 400].includes(res.status));
+      assert.ok([200, 201, 400, 422, 500].includes(res.status));
     });
   });
 
@@ -217,7 +255,7 @@ describe("${tableName} routes", function () {
       const res = await request(app)
         .put("/${tableName}/")
         .send({ data: [] });
-      assert.ok([200, 400].includes(res.status));
+      assert.ok([200, 400, 422, 500].includes(res.status));
     });
   });
 
@@ -606,6 +644,7 @@ if (require.main === module) {
 
 module.exports = {
   generateRouteFile,
+  generateParentRouteFile,
   generateChildRouteFile,
   generateRoutesIndexFile,
   generateTestFile,

package/src/cli/generate-saas-structure.js

@@ -0,0 +1,129 @@
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+
+const { generateSaasMigrations } = require("./saas/generate-saas-migrations");
+const { generateSaasModels } = require("./saas/generate-saas-models");
+const {
+  generateAuthenticateMiddleware,
+  generateTenantIsolationMiddleware,
+  generateHasPermissionMiddleware,
+} = require("./saas/generate-saas-middleware");
+const {
+  generateCrudRoutes,
+  generateAuthRoutes,
+  generateRoutesIndex,
+} = require("./saas/generate-saas-routes");
+const { generateSaasSeeds } = require("./saas/generate-saas-seeds");
+const {
+  generatePasswordUtil,
+  generateModulesUtil,
+  generateWebhookUtil,
+} = require("./saas/generate-saas-utils");
+const { generateSaasTests } = require("./saas/generate-saas-tests");
+
+/**
+ * Read the existing .gitignore file and append `credentials.md` if not already present.
+ * Returns the full .gitignore content to be written.
+ *
+ * @returns {string} Updated .gitignore content
+ */
+function getGitignoreContent() {
+  const gitignorePath = path.join(process.cwd(), ".gitignore");
+  let content = "";
+  if (fs.existsSync(gitignorePath)) {
+    content = fs.readFileSync(gitignorePath, "utf8");
+  }
+  if (!content.includes("credentials.md")) {
+    content = content.trimEnd() + "\ncredentials.md\n";
+  }
+  return content;
+}
+
+/**
+ * Main SaaS structure generator orchestrator.
+ *
+ * Calls all sub-generators and aggregates their output into a single
+ * planned[] array of { relPath, content } objects compatible with the
+ * existing generate command's file write loop.
+ *
+ * @param {string} adapter - Database adapter name (e.g. "postgres", "mysql", "sqlite3")
+ * @param {object} [options] - Generation options
+ * @param {boolean} [options.dryRun] - If true, files will not be written (handled by caller)
+ * @param {boolean} [options.json] - If true, output JSON format (handled by caller)
+ * @param {Date|number} [options.timestamp] - Base timestamp for migration files
+ * @param {string[]} [options.tableNames] - Schema-generated table names for routes index
+ * @param {Array<{parent, child, foreignKey}>} [options.relationships] - Schema relationships for routes index
+ * @param {{ includeDocs?: boolean }} [options.routeOptions] - Options for routes index generation
+ * @returns {Array<{ relPath: string, content: string }>} Combined planned file array
+ */
+function generateSaasStructure(adapter, options) {
+  const opts = options || {};
+  const planned = [];
+
+  // 1. Migrations
+  const timestamp = opts.timestamp || new Date();
+  const migrations = generateSaasMigrations(adapter, timestamp);
+  for (const entry of migrations) {
+    planned.push(entry);
+  }
+
+  // 2. Models (includes models/index.js barrel with both SaaS + dbmr tables)
+  const models = generateSaasModels(adapter, opts.tableNames || []);
+  for (const entry of models) {
+    planned.push(entry);
+  }
+
+  // 3. Middleware
+  planned.push(generateAuthenticateMiddleware());
+  planned.push(generateTenantIsolationMiddleware());
+  planned.push(generateHasPermissionMiddleware());
+
+  // 4. Routes (CRUD + auth + combined index with dbmr routes)
+  const crudRoutes = generateCrudRoutes();
+  for (const entry of crudRoutes) {
+    planned.push(entry);
+  }
+  planned.push(generateAuthRoutes());
+  planned.push(
+    generateRoutesIndex(
+      opts.tableNames || [],
+      opts.relationships || [],
+      opts.routeOptions || {},
+    ),
+  );
+
+  // 5. Seeds
+  const seeds = generateSaasSeeds(adapter);
+  for (const entry of seeds) {
+    planned.push(entry);
+  }
+
+  // 6. Utilities
+  planned.push({
+    relPath: "commons/password.js",
+    content: generatePasswordUtil(),
+  });
+  planned.push({
+    relPath: "commons/modules.js",
+    content: generateModulesUtil(),
+  });
+  planned.push({
+    relPath: "commons/webhook.js",
+    content: generateWebhookUtil(),
+  });
+
+  // 7. Tests
+  const tests = generateSaasTests();
+  for (const entry of tests) {
+    planned.push(entry);
+  }
+
+  // 8. .gitignore update (add credentials.md)
+  planned.push({ relPath: ".gitignore", content: getGitignoreContent() });
+
+  return planned;
+}
+
+module.exports = { generateSaasStructure, getGitignoreContent };

package/src/cli/init/dependencies.js

@@ -79,7 +79,7 @@ function getScripts(outputDir) {
   return {
     start: "node app.js",
     dev: "nodemon app.js",
-    test: 'echo "Error: no test specified" && exit 1',
+    test: "dotenv -- mocha --exit",
     migrate: `node ${prefix}commons/migrate.js`,
     add_migration: `node ${prefix}commons/add_migration.js`,
     "docker:build": "docker build -t app .",

package/src/cli/init/generators.js

@@ -169,8 +169,10 @@ function buildEnvContent(answers, mode, secrets) {
   const lines = [];
   lines.push("# Server");
   lines.push("PORT=3000");
+  lines.push("API_BASE_PATH=/api");
   lines.push("");
   lines.push("# Database");
+  lines.push(`DB_TYPE=${answers.database}`);
 
   const vars = DB_ENV_MAP[answers.database] || [];
   for (const v of vars) {
@@ -357,79 +359,6 @@ app.use(session({
 }));`;
 }
 
-/**
- * Generate the app.js file content.
- * @param {import('./types').InitAnswers} answers
- * @returns {string}
- */
-function generateAppJs(answers) {
-  const frameworkPkg =
-    answers.framework === "ultimate-express" ? "ultimate-express" : "express";
-
-  // Imports
-  let imports = `import express from "${frameworkPkg}";
-import { init, db } from "db-model-router";
-import session from "express-session";`;
-
-  if (answers.session === "redis") {
-    imports += `\nimport RedisStore from "connect-redis";
-import { Redis } from "ioredis";`;
-  }
-  if (answers.rateLimiting) {
-    imports += `\nimport rateLimit from "express-rate-limit";`;
-  }
-  if (answers.helmet) {
-    imports += `\nimport helmet from "helmet";`;
-  }
-  imports += `\nimport logger from "./middleware/logger.js";`;
-
-  // Rate limiting block
-  const rateLimitBlock = answers.rateLimiting
-    ? `app.use(rateLimit({
-  windowMs: 15 * 60 * 1000,
-  max: 100,
-  standardHeaders: true,
-  legacyHeaders: false,
-}));`
-    : "";
-
-  const helmetBlock = answers.helmet ? `app.use(helmet());` : "";
-
-  return `${imports}
-import "dotenv/config";
-
-// Initialize database adapter
-init("${answers.database}");
-${dbConnectBlock(answers.database)}
-
-const app = express();
-const PORT = process.env.PORT || 3000;
-
-// Middleware
-app.use(express.json());
-app.use(express.urlencoded({ extended: true }));
-${helmetBlock ? helmetBlock + "\n" : ""}${rateLimitBlock ? rateLimitBlock + "\n" : ""}${sessionBlock(answers)}
-app.use(logger);
-
-// Health check
-app.get("/health", (req, res) => {
-  res.json({ status: "ok", timestamp: new Date().toISOString() });
-});
-
-// Error handler
-app.use((err, req, res, next) => {
-  console.error(err.stack);
-  res.status(500).json({ type: "danger", message: "Internal Server Error" });
-});
-
-app.listen(PORT, () => {
-  console.log(\`Server running on port \${PORT}\`);
-});
-
-export default app;
-`;
-}
-
 // ---------------------------------------------------------------------------
 // Logger middleware generator
 // ---------------------------------------------------------------------------
@@ -1715,7 +1644,7 @@ export default db;
  * @param {string} [outputDir] - relative output directory for source files (e.g. "backend")
  * @returns {string}
  */
-function generateAppJsV2(answers, outputDir) {
+function generateAppJs(answers, outputDir) {
   const frameworkPkg =
     answers.framework === "ultimate-express" ? "ultimate-express" : "express";
 
@@ -1730,8 +1659,9 @@ import "${commonsPrefix}/db.js";
 import configureSession from "${commonsPrefix}/session.js";
 import applySecurity from "${commonsPrefix}/security.js";
 import logger from "${middlewarePrefix}/logger.js";
-import route from "${routePrefix}/index.js";
+import routes from "${routePrefix}/index.js";
 import { fileURLToPath } from 'node:url';
+import path from "path";
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const app = express();
 const PORT = process.env.PORT || 3000;
@@ -1750,7 +1680,7 @@ app.use(configureSession());
 app.use(logger);
 
 // Routes
-app.use(route);
+app.use(process.env.API_BASE_PATH || "/api", routes);
 
 // Error handler
 app.use((err, req, res, next) => {
@@ -1771,7 +1701,6 @@ module.exports = {
   isSql,
   randomPassword,
   generateAppJs,
-  generateAppJsV2,
   generateEnvFile,
   generateEnvExample,
   generateLoggerMiddleware,

package/src/cli/init.js

@@ -7,7 +7,6 @@ const { execSync } = require("child_process");
 
 const {
   generateAppJs,
-  generateAppJsV2,
   generateEnvFile,
   generateEnvExample,
   generateLoggerMiddleware,
@@ -109,7 +108,7 @@ function generateFiles(answers, outputDir) {
 
   // Root-level files (always in cwd, not in outputDir)
   // app.js uses the v2 generator that links commons/route modules
-  if (safeWriteFile("app.js", generateAppJsV2(answers, outputDir || "")))
+  if (safeWriteFile("app.js", generateAppJs(answers, outputDir || "")))
     files.push("app.js");
   if (safeWriteFile(".env", generateEnvFile(answers, secrets)))
     files.push(".env");
@@ -254,6 +253,14 @@ function updatePackageJson(answers, outputDir) {
   const scripts = getScripts(outputDir);
 
   pkg.type = "module";
+  pkg.imports = {
+    "#root/*.js": "./*.js",
+    "#models": "./models/index.js",
+    "#models/*.js": "./models/*.js",
+    "#routes/*.js": "./routes/*.js",
+    "#commons/*.js": "./commons/*.js",
+    "#middleware/*.js": "./middleware/*.js",
+  };
   pkg.scripts = Object.assign({}, pkg.scripts || {}, scripts);
   pkg.dependencies = Object.assign({}, pkg.dependencies || {}, dependencies);
   pkg.devDependencies = Object.assign(

package/src/cli/main.js

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 "use strict";
 
 const { parseFlags, OutputContext } = require("./flags");
@@ -9,6 +9,7 @@ const generateCmd = require("./commands/generate");
 const doctorCmd = require("./commands/doctor");
 const diffCmd = require("./commands/diff");
 const helpCmd = require("./commands/help");
+const dbManagerCmd = require("./commands/db-manager");
 
 /**
  * Map of subcommand names to their handler functions.
@@ -19,6 +20,7 @@ const COMMANDS = {
   generate: generateCmd,
   doctor: doctorCmd,
   diff: diffCmd,
+  "db-manager": dbManagerCmd,
   help: helpCmd,
 };
 
@@ -31,6 +33,7 @@ const COMMAND_DESCRIPTIONS = {
   generate: "Generate models, routes, tests, and OpenAPI spec from a schema",
   doctor: "Validate schema, check dependencies, and verify file sync",
   diff: "Preview changes between current files and what the schema would produce",
+  "db-manager": "Start a live database management UI",
   help: "Show help for a command",
 };
 
@@ -68,6 +71,10 @@ const COMMAND_FLAGS = {
   ],
   doctor: [["--from <path>", "Schema file (default: dbmr.schema.json)"]],
   diff: [["--from <path>", "Schema file (default: dbmr.schema.json)"]],
+  "db-manager": [
+    ["--env <path>", "Path to .env file (default: .env)"],
+    ["--port <number>", "Server port (default: 4000)"],
+  ],
 };
 
 /**

package/src/cli/saas/generate-saas-middleware.js

@@ -0,0 +1,110 @@
+"use strict";
+
+/**
+ * SaaS middleware generators.
+ *
+ * Each function returns a { relPath, content } object for a middleware file.
+ * Generated code uses ES6 module syntax (import/export).
+ */
+
+/**
+ * Generate the authenticate middleware file.
+ *
+ * @returns {{ relPath: string, content: string }}
+ */
+function generateAuthenticateMiddleware() {
+  const relPath = "middleware/authenticate.js";
+  const content = `/**
+ * Authentication middleware.
+ *
+ * Validates that the request has an active session with a user object.
+ * Responds with 401 Unauthorized if no valid session exists.
+ */
+function authenticate(req, res, next) {
+  if (!req.session || !req.session.user) {
+    return res.status(401).json({ message: "Unauthorized" });
+  }
+  next();
+}
+
+export default authenticate;
+`;
+  return { relPath, content };
+}
+
+/**
+ * Generate the tenant isolation middleware file.
+ *
+ * @returns {{ relPath: string, content: string }}
+ */
+function generateTenantIsolationMiddleware() {
+  const relPath = "middleware/tenantIsolation.js";
+  const content = `/**
+ * Tenant isolation middleware.
+ *
+ * Restricts data access to the user's own tenant unless the user
+ * has a global-scoped permission. Injects tenant_id into query
+ * and body parameters for non-global users.
+ */
+function tenantIsolation(req, res, next) {
+  const hasGlobal = req.session.permission.some((p) => p.scope === "global");
+  if (!hasGlobal) {
+    if (!req.query) req.query = {};
+    if (!req.body) req.body = {};
+    req.query.tenant_id = req.session.user.tenant_id;
+    req.body.tenant_id = req.session.user.tenant_id;
+  }
+  next();
+}
+
+export default tenantIsolation;
+`;
+  return { relPath, content };
+}
+
+/**
+ * Generate the hasPermission middleware file.
+ *
+ * @returns {{ relPath: string, content: string }}
+ */
+function generateHasPermissionMiddleware() {
+  const relPath = "middleware/hasPermission.js";
+  const content = `import { isValidModule } from "#commons/modules.js";
+
+/**
+ * Permission validation middleware factory.
+ *
+ * Returns a middleware function that checks whether the authenticated user
+ * has the required permission for the specified module and action.
+ * A permission entry with action "global" grants access to any action
+ * on that module.
+ *
+ * @param {string} module - The module name to check permission for
+ * @param {string} action - The required action
+ * @returns {function} Express middleware function
+ */
+function hasPermission(module, action) {
+  return (req, res, next) => {
+    if (!isValidModule(module)) {
+      return res.status(403).json({ message: "Invalid module" });
+    }
+    const match = req.session.permission.find(
+      (p) => p.module === module && (p.action === action || p.action === "global")
+    );
+    if (!match) {
+      return res.status(403).json({ message: "Forbidden" });
+    }
+    next();
+  };
+}
+
+export default hasPermission;
+`;
+  return { relPath, content };
+}
+
+module.exports = {
+  generateAuthenticateMiddleware,
+  generateTenantIsolationMiddleware,
+  generateHasPermissionMiddleware,
+};