dn-react-router-toolkit 0.8.0 → 0.9.0

package/dist/api/index.js

@@ -379,18 +379,27 @@ function apiHandler({
 var import_http3 = require("dn-react-toolkit/http");
 function itemApiHandler({
   withAuthAction,
-  repository
+  repository,
+  isOwnedBy,
+  roles
 }) {
   const loader = async ({ request }) => {
     return {};
   };
   const action = withAuthAction((auth) => async ({ params, request }) => {
-    if (!auth || auth.role !== "admin") {
-      return (0, import_http3.UNAUTHORIZED)();
+    if (roles && roles.length > 0 && (!auth || !roles.includes(auth.role))) {
+      throw (0, import_http3.UNAUTHORIZED)();
+    }
+    const itemId = params.itemId;
+    const existing = await repository.find(itemId);
+    if (!existing) {
+      throw (0, import_http3.NOT_FOUND)();
+    }
+    if (isOwnedBy && !isOwnedBy(existing, auth)) {
+      throw (0, import_http3.FORBIDDEN)();
     }
     switch (request.method) {
       case "DELETE": {
-        const itemId = params.itemId;
         await repository.delete(itemId);
         return {};
       }

package/dist/api/index.mjs

@@ -371,21 +371,30 @@ function apiHandler({
 }
 
 // src/api/item_api_handler.ts
-import { UNAUTHORIZED as UNAUTHORIZED2 } from "dn-react-toolkit/http";
+import { FORBIDDEN, NOT_FOUND as NOT_FOUND2, UNAUTHORIZED as UNAUTHORIZED2 } from "dn-react-toolkit/http";
 function itemApiHandler({
   withAuthAction,
-  repository
+  repository,
+  isOwnedBy,
+  roles
 }) {
   const loader = async ({ request }) => {
     return {};
   };
   const action = withAuthAction((auth) => async ({ params, request }) => {
-    if (!auth || auth.role !== "admin") {
-      return UNAUTHORIZED2();
+    if (roles && roles.length > 0 && (!auth || !roles.includes(auth.role))) {
+      throw UNAUTHORIZED2();
+    }
+    const itemId = params.itemId;
+    const existing = await repository.find(itemId);
+    if (!existing) {
+      throw NOT_FOUND2();
+    }
+    if (isOwnedBy && !isOwnedBy(existing, auth)) {
+      throw FORBIDDEN();
     }
     switch (request.method) {
       case "DELETE": {
-        const itemId = params.itemId;
         await repository.delete(itemId);
         return {};
       }

package/dist/api/item_api_handler.d.mts

@@ -2,16 +2,18 @@ import { LoaderFunctionArgs } from 'react-router';
 import { TableRepository } from '../table/repository.mjs';
 import { PgTableWithColumns } from 'drizzle-orm/pg-core';
 import { WithAuthHandler } from '../auth/with_auth.mjs';
+import { AccessTokenPayload } from 'dn-react-toolkit/auth';
 import 'drizzle-orm';
 import 'drizzle-orm/node-postgres';
-import 'dn-react-toolkit/auth';
 import 'dn-react-toolkit/auth/server';
 
 type ItemAPIHandlerOptions<T extends PgTableWithColumns<any>, TSelect> = {
     withAuthAction: WithAuthHandler<LoaderFunctionArgs>;
     repository: TableRepository<T, TSelect>;
+    isOwnedBy?: (item: TSelect, auth: AccessTokenPayload | undefined) => boolean;
+    roles?: string[];
 };
-declare function itemApiHandler<T extends PgTableWithColumns<any>, TSelect>({ withAuthAction, repository, }: ItemAPIHandlerOptions<T, TSelect>): {
+declare function itemApiHandler<T extends PgTableWithColumns<any>, TSelect>({ withAuthAction, repository, isOwnedBy, roles, }: ItemAPIHandlerOptions<T, TSelect>): {
     loader: ({ request }: LoaderFunctionArgs) => Promise<{}>;
     action: (arg: LoaderFunctionArgs<any>) => Promise<unknown> | unknown;
 };

package/dist/api/item_api_handler.d.ts

@@ -2,16 +2,18 @@ import { LoaderFunctionArgs } from 'react-router';
 import { TableRepository } from '../table/repository.js';
 import { PgTableWithColumns } from 'drizzle-orm/pg-core';
 import { WithAuthHandler } from '../auth/with_auth.js';
+import { AccessTokenPayload } from 'dn-react-toolkit/auth';
 import 'drizzle-orm';
 import 'drizzle-orm/node-postgres';
-import 'dn-react-toolkit/auth';
 import 'dn-react-toolkit/auth/server';
 
 type ItemAPIHandlerOptions<T extends PgTableWithColumns<any>, TSelect> = {
     withAuthAction: WithAuthHandler<LoaderFunctionArgs>;
     repository: TableRepository<T, TSelect>;
+    isOwnedBy?: (item: TSelect, auth: AccessTokenPayload | undefined) => boolean;
+    roles?: string[];
 };
-declare function itemApiHandler<T extends PgTableWithColumns<any>, TSelect>({ withAuthAction, repository, }: ItemAPIHandlerOptions<T, TSelect>): {
+declare function itemApiHandler<T extends PgTableWithColumns<any>, TSelect>({ withAuthAction, repository, isOwnedBy, roles, }: ItemAPIHandlerOptions<T, TSelect>): {
     loader: ({ request }: LoaderFunctionArgs) => Promise<{}>;
     action: (arg: LoaderFunctionArgs<any>) => Promise<unknown> | unknown;
 };

package/dist/api/item_api_handler.js

@@ -26,18 +26,27 @@ module.exports = __toCommonJS(item_api_handler_exports);
 var import_http = require("dn-react-toolkit/http");
 function itemApiHandler({
   withAuthAction,
-  repository
+  repository,
+  isOwnedBy,
+  roles
 }) {
   const loader = async ({ request }) => {
     return {};
   };
   const action = withAuthAction((auth) => async ({ params, request }) => {
-    if (!auth || auth.role !== "admin") {
-      return (0, import_http.UNAUTHORIZED)();
+    if (roles && roles.length > 0 && (!auth || !roles.includes(auth.role))) {
+      throw (0, import_http.UNAUTHORIZED)();
+    }
+    const itemId = params.itemId;
+    const existing = await repository.find(itemId);
+    if (!existing) {
+      throw (0, import_http.NOT_FOUND)();
+    }
+    if (isOwnedBy && !isOwnedBy(existing, auth)) {
+      throw (0, import_http.FORBIDDEN)();
     }
     switch (request.method) {
       case "DELETE": {
-        const itemId = params.itemId;
         await repository.delete(itemId);
         return {};
       }

package/dist/api/item_api_handler.mjs

@@ -1,19 +1,28 @@
 // src/api/item_api_handler.ts
-import { UNAUTHORIZED } from "dn-react-toolkit/http";
+import { FORBIDDEN, NOT_FOUND, UNAUTHORIZED } from "dn-react-toolkit/http";
 function itemApiHandler({
   withAuthAction,
-  repository
+  repository,
+  isOwnedBy,
+  roles
 }) {
   const loader = async ({ request }) => {
     return {};
   };
   const action = withAuthAction((auth) => async ({ params, request }) => {
-    if (!auth || auth.role !== "admin") {
-      return UNAUTHORIZED();
+    if (roles && roles.length > 0 && (!auth || !roles.includes(auth.role))) {
+      throw UNAUTHORIZED();
+    }
+    const itemId = params.itemId;
+    const existing = await repository.find(itemId);
+    if (!existing) {
+      throw NOT_FOUND();
+    }
+    if (isOwnedBy && !isOwnedBy(existing, auth)) {
+      throw FORBIDDEN();
     }
     switch (request.method) {
       case "DELETE": {
-        const itemId = params.itemId;
         await repository.delete(itemId);
         return {};
       }

package/dist/crud/index.d.mts

@@ -1,25 +1,5 @@
 export { CrudFormProps, FormColumnValue, FormColumns, FormContext, FormContextProps, useFormContext } from './crud_form_provider.mjs';
-export { CrudHandler, CrudHandlerOptions, crudHandler } from './crud_loader.mjs';
-export { CrudPage, CrudPageOptions, crudPage } from './crud_page.mjs';
-export { generateHandlers } from './generate_handlers.mjs';
-export { generatePages } from './generate_pages.mjs';
-export { generateCrudRoutes } from './generate_routes.mjs';
 export { deserialize, serialize } from './serialize.mjs';
 import 'react/jsx-runtime';
 import 'react';
 import 'react-store-input';
-import 'react-router';
-import '../table/item_loader.mjs';
-import '../table/repository.mjs';
-import 'drizzle-orm';
-import 'drizzle-orm/node-postgres';
-import 'drizzle-orm/pg-core';
-import '../table/load_table.mjs';
-import '../api/create_api_handler.mjs';
-import '../auth/with_auth.mjs';
-import 'dn-react-toolkit/auth';
-import 'dn-react-toolkit/auth/server';
-import '../table/table_form.mjs';
-import '../table/table.mjs';
-import '../table/use_table.mjs';
-import '@react-router/dev/routes';

package/dist/crud/index.d.ts

@@ -1,25 +1,5 @@
 export { CrudFormProps, FormColumnValue, FormColumns, FormContext, FormContextProps, useFormContext } from './crud_form_provider.js';
-export { CrudHandler, CrudHandlerOptions, crudHandler } from './crud_loader.js';
-export { CrudPage, CrudPageOptions, crudPage } from './crud_page.js';
-export { generateHandlers } from './generate_handlers.js';
-export { generatePages } from './generate_pages.js';
-export { generateCrudRoutes } from './generate_routes.js';
 export { deserialize, serialize } from './serialize.js';
 import 'react/jsx-runtime';
 import 'react';
 import 'react-store-input';
-import 'react-router';
-import '../table/item_loader.js';
-import '../table/repository.js';
-import 'drizzle-orm';
-import 'drizzle-orm/node-postgres';
-import 'drizzle-orm/pg-core';
-import '../table/load_table.js';
-import '../api/create_api_handler.js';
-import '../auth/with_auth.js';
-import 'dn-react-toolkit/auth';
-import 'dn-react-toolkit/auth/server';
-import '../table/table_form.js';
-import '../table/table.js';
-import '../table/use_table.js';
-import '@react-router/dev/routes';