dzql 0.4.5 → 0.4.6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dzql",
-  "version": "0.4.5",
+  "version": "0.4.6",
   "description": "PostgreSQL-powered framework with zero boilerplate CRUD operations and real-time WebSocket synchronization",
   "type": "module",
   "main": "src/server/index.js",

package/src/compiler/codegen/auth-codegen.js

@@ -0,0 +1,147 @@
+/**
+ * Auth Code Generator
+ * Generates PostgreSQL functions for user authentication
+ * Only generated when the entity is named 'users'
+ */
+
+export class AuthCodegen {
+  constructor(entity) {
+    this.entity = entity;
+    this.tableName = entity.tableName;
+  }
+
+  /**
+   * Check if this entity should have auth functions generated
+   * @returns {boolean}
+   */
+  shouldGenerate() {
+    return this.tableName === 'users';
+  }
+
+  /**
+   * Generate all auth functions
+   * @returns {string} SQL for auth functions
+   */
+  generateAll() {
+    if (!this.shouldGenerate()) {
+      return '';
+    }
+
+    return [
+      this._generateProfileFunction(),
+      this._generateRegisterFunction(),
+      this._generateLoginFunction()
+    ].join('\n\n');
+  }
+
+  /**
+   * Generate _profile function
+   * Returns all user columns except sensitive fields
+   * @private
+   */
+  _generateProfileFunction() {
+    return `-- ============================================================================
+-- Auth: _profile function for ${this.tableName}
+-- Returns user record minus sensitive fields
+-- ============================================================================
+CREATE OR REPLACE FUNCTION _profile(p_user_id INT)
+RETURNS JSONB
+LANGUAGE SQL
+SECURITY DEFINER
+AS $$
+  SELECT jsonb_build_object('user_id', u.id) || (to_jsonb(u.*) - 'id' - 'password_hash' - 'password' - 'secret' - 'token')
+  FROM ${this.tableName} u
+  WHERE id = p_user_id;
+$$;`;
+  }
+
+  /**
+   * Generate register_user function
+   * Supports optional extra fields via JSON parameter
+   * @private
+   */
+  _generateRegisterFunction() {
+    return `-- ============================================================================
+-- Auth: register_user function for ${this.tableName}
+-- p_extra: optional JSON object with additional fields to set on the user record
+-- Example: register_user('test@example.com', 'password', '{"name": "Test User"}')
+-- ============================================================================
+CREATE OR REPLACE FUNCTION register_user(p_email TEXT, p_password TEXT, p_extra JSONB DEFAULT '{}')
+RETURNS JSONB
+LANGUAGE plpgsql
+SECURITY DEFINER
+AS $$
+DECLARE
+  v_user_id INT;
+  v_salt TEXT;
+  v_hash TEXT;
+  v_insert_data JSONB;
+BEGIN
+  -- Generate salt and hash password
+  v_salt := gen_salt('bf', 10);
+  v_hash := crypt(p_password, v_salt);
+
+  -- Build insert data: extra fields + email + password_hash (extra cannot override core fields)
+  v_insert_data := (p_extra - 'id' - 'email' - 'password_hash' - 'password')
+                   || jsonb_build_object('email', p_email, 'password_hash', v_hash);
+
+  -- Dynamic INSERT from JSONB (same pattern as compiled save functions)
+  EXECUTE (
+    SELECT format(
+      'INSERT INTO ${this.tableName} (%s) VALUES (%s) RETURNING id',
+      string_agg(quote_ident(key), ', '),
+      string_agg(quote_nullable(value), ', ')
+    )
+    FROM jsonb_each_text(v_insert_data) kv(key, value)
+  ) INTO v_user_id;
+
+  RETURN _profile(v_user_id);
+EXCEPTION
+  WHEN unique_violation THEN
+    RAISE EXCEPTION 'Email already exists' USING errcode = '23505';
+END $$;`;
+  }
+
+  /**
+   * Generate login_user function
+   * @private
+   */
+  _generateLoginFunction() {
+    return `-- ============================================================================
+-- Auth: login_user function for ${this.tableName}
+-- ============================================================================
+CREATE OR REPLACE FUNCTION login_user(p_email TEXT, p_password TEXT)
+RETURNS JSONB
+LANGUAGE plpgsql
+SECURITY DEFINER
+AS $$
+DECLARE
+  v_user_record RECORD;
+BEGIN
+  SELECT id, email, password_hash
+  INTO v_user_record
+  FROM ${this.tableName}
+  WHERE email = p_email;
+
+  IF NOT FOUND THEN
+    RAISE EXCEPTION 'Invalid credentials' USING errcode = '28000';
+  END IF;
+
+  IF NOT (v_user_record.password_hash = crypt(p_password, v_user_record.password_hash)) THEN
+    RAISE EXCEPTION 'Invalid credentials' USING errcode = '28000';
+  END IF;
+
+  RETURN _profile(v_user_record.id);
+END $$;`;
+  }
+}
+
+/**
+ * Generate auth functions for an entity (only if it's the users table)
+ * @param {Object} entity - Entity configuration
+ * @returns {string} SQL for auth functions (empty string if not users table)
+ */
+export function generateAuthFunctions(entity) {
+  const codegen = new AuthCodegen(entity);
+  return codegen.generateAll();
+}

package/src/compiler/compiler.js

@@ -10,6 +10,7 @@ import { generateOperations } from './codegen/operation-codegen.js';
 import { generateNotificationFunction } from './codegen/notification-codegen.js';
 import { generateGraphRuleFunctions } from './codegen/graph-rules-codegen.js';
 import { generateSubscribable } from './codegen/subscribable-codegen.js';
+import { generateAuthFunctions } from './codegen/auth-codegen.js';
 import crypto from 'crypto';
 
 export class DZQLCompiler {
@@ -53,6 +54,12 @@ export class DZQLCompiler {
     const operationSQL = generateOperations(normalizedEntity);
     sections.push(operationSQL);
 
+    // Auth functions (only for users table)
+    const authSQL = generateAuthFunctions(normalizedEntity);
+    if (authSQL) {
+      sections.push(authSQL);
+    }
+
     // Notification path resolution (if needed)
     if (normalizedEntity.notificationPaths &&
         Object.keys(normalizedEntity.notificationPaths).length > 0) {

package/src/database/migrations/006_auth.sql

@@ -5,37 +5,51 @@
 create extension if not exists pgcrypto;
 
 -- === Users Table ===
+-- Core auth table with optional name field
+-- Applications can add additional columns as needed
+-- Note: created_at is tracked via the action log, not here
 create table if not exists users (
   id serial primary key,
+  name text,
   email text unique not null,
-  name text not null,
-  password_hash text not null,
-  created_at timestamptz default now()
+  password_hash text not null
 );
 
 -- === Auth Functions ===
 
 -- Register new user
-create or replace function register_user(p_email text, p_password text)
+-- p_extra: optional JSON object with additional fields to set on the user record
+-- Example: register_user('test@example.com', 'password', '{"name": "Test User"}')
+create or replace function register_user(p_email text, p_password text, p_extra jsonb default '{}')
 returns jsonb
 language plpgsql
 security definer
 as $$
 declare
-  user_id int;
-  salt text;
-  hash text;
+  v_user_id int;
+  v_salt text;
+  v_hash text;
+  v_insert_data jsonb;
 begin
   -- Generate salt and hash password
-  salt := gen_salt('bf', 10);
-  hash := crypt(p_password, salt);
+  v_salt := gen_salt('bf', 10);
+  v_hash := crypt(p_password, v_salt);
 
-  -- Insert user
-  insert into users (email, name, password_hash)
-  values (p_email, split_part(p_email, '@', 1), hash)
-  returning id into user_id;
+  -- Build insert data: extra fields + email + password_hash (extra cannot override core fields)
+  v_insert_data := (p_extra - 'id' - 'email' - 'password_hash' - 'password')
+                   || jsonb_build_object('email', p_email, 'password_hash', v_hash);
 
-  return _profile(user_id);
+  -- Dynamic INSERT from JSONB (same pattern as compiled save functions)
+  execute (
+    select format(
+      'INSERT INTO users (%s) VALUES (%s) RETURNING id',
+      string_agg(quote_ident(key), ', '),
+      string_agg(quote_nullable(value), ', ')
+    )
+    from jsonb_each_text(v_insert_data) kv(key, value)
+  ) into v_user_id;
+
+  return _profile(v_user_id);
 exception
   when unique_violation then
     raise exception 'Email already exists' using errcode = '23505';
@@ -50,7 +64,7 @@ as $$
 declare
   user_record record;
 begin
-  select id, email, name, password_hash
+  select id, email, password_hash
   into user_record
   from users
   where email = p_email;
@@ -67,17 +81,14 @@ begin
 end $$;
 
 -- Get user profile (private function)
+-- Returns all user columns except sensitive fields (password_hash, password, secret, token)
+-- This allows the users table to have any additional columns without modifying this function
 create or replace function _profile(p_user_id int)
 returns jsonb
 language sql
 security definer
 as $$
-  select jsonb_build_object(
-    'user_id', id,
-    'email', email,
-    'name', name,
-    'created_at', created_at
-  )
-  from users
+  select jsonb_build_object('user_id', u.id) || (to_jsonb(u.*) - 'id' - 'password_hash' - 'password' - 'secret' - 'token')
+  from users u
   where id = p_user_id;
 $$;