dzql 0.6.17 → 0.6.19

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dzql",
-  "version": "0.6.17",
+  "version": "0.6.19",
   "description": "Database-first real-time framework with TypeScript support",
   "repository": {
     "type": "git",

package/src/cli/codegen/manifest.ts

@@ -20,9 +20,9 @@ export interface FunctionDef {
 
 export function generateManifest(ir: DomainIR): Manifest {
   const functions: Record<string, FunctionDef> = {
-    // Built-in Auth Functions
-    login_user: { schema: 'dzql_v2', name: 'login_user', args: ['p_params'], returnType: 'jsonb' },
-    register_user: { schema: 'dzql_v2', name: 'register_user', args: ['p_params'], returnType: 'jsonb' }
+    // Built-in Auth Functions (individual params, not jsonb)
+    login_user: { schema: 'dzql_v2', name: 'login_user', args: ['p_email', 'p_password'], returnType: 'jsonb' },
+    register_user: { schema: 'dzql_v2', name: 'register_user', args: ['p_email', 'p_password', 'p_options'], returnType: 'jsonb' }
   };
 
   for (const [name, entity] of Object.entries(ir.entities)) {

package/src/cli/codegen/sql.ts

@@ -71,11 +71,40 @@ BEGIN
   RETURN ARRAY[]::text[];
 END;
 $$;
+`;
+}
 
--- === AUTH FUNCTIONS ===
+/**
+ * Generate auth SQL functions.
+ * These depend on the 'users' table existing, so must be applied after schema.
+ */
+export function generateAuthSQL() {
+  return `
+-- === AUTH SYSTEM ===
+-- These functions depend on a 'users' table being created by the domain schema.
+-- The users table must have: id (serial PK), email (text unique), password_hash (text)
+-- Additional columns can be added and will be returned by _profile() automatically.
+
+-- Get user profile (private function)
+-- Returns all user columns except sensitive fields (password_hash, password, secret, token)
+-- This allows the users table to have any additional columns without modifying this function
+CREATE OR REPLACE FUNCTION dzql_v2._profile(p_user_id int)
+RETURNS jsonb
+LANGUAGE sql
+SECURITY DEFINER
+SET search_path = dzql_v2, public
+AS $$
+  SELECT jsonb_build_object('user_id', u.id) || (to_jsonb(u.*) - 'id' - 'password_hash' - 'password' - 'secret' - 'token')
+  FROM users u
+  WHERE id = p_user_id;
+$$;
 
--- Register User
-CREATE OR REPLACE FUNCTION dzql_v2.register_user(p_params jsonb)
+-- Register new user
+-- p_email: User's email address (must be unique)
+-- p_password: User's password (will be hashed)
+-- p_options: Optional JSON object with additional fields to set on the user record
+-- Example: register_user('test@example.com', 'password', '{"name": "Test User"}')
+CREATE OR REPLACE FUNCTION dzql_v2.register_user(p_email text, p_password text, p_options jsonb DEFAULT NULL)
 RETURNS jsonb
 LANGUAGE plpgsql
 SECURITY DEFINER
@@ -83,37 +112,46 @@ SET search_path = dzql_v2, public
 AS $$
 DECLARE
   v_user_id int;
-  v_email text;
-  v_password text;
-  v_name text;
-  v_options jsonb;
+  v_salt text;
+  v_hash text;
+  v_insert_data jsonb;
 BEGIN
-  v_email := p_params->>'email';
-  v_password := p_params->>'password';
-  v_name := COALESCE(p_params->>'name', v_email);
-  v_options := COALESCE(p_params->'options', '{}'::jsonb);
-
-  IF v_email IS NULL OR v_password IS NULL THEN
+  IF p_email IS NULL OR p_password IS NULL THEN
     RAISE EXCEPTION 'validation_error: email and password required';
   END IF;
 
-  INSERT INTO users (email, password_hash, name)
-  VALUES (v_email, crypt(v_password, gen_salt('bf')), v_name)
-  RETURNING id INTO v_user_id;
+  -- Generate salt and hash password
+  v_salt := gen_salt('bf', 10);
+  v_hash := crypt(p_password, v_salt);
 
-  -- TODO: Handle v_options if needed (e.g. creating orgs)
+  -- Build insert data: options fields + email + password_hash (options cannot override core fields)
+  v_insert_data := jsonb_build_object('email', p_email, 'password_hash', v_hash);
+  IF p_options IS NOT NULL THEN
+    v_insert_data := (p_options - 'id' - 'email' - 'password_hash' - 'password') || v_insert_data;
+  END IF;
 
-  -- Return minimal profile (Token generation happens in Runtime layer)
-  RETURN jsonb_build_object(
-    'user_id', v_user_id,
-    'email', v_email,
-    'name', v_name
-  );
+  -- Dynamic INSERT from JSONB (same pattern as compiled save functions)
+  EXECUTE (
+    SELECT format(
+      'INSERT INTO users (%s) VALUES (%s) RETURNING id',
+      string_agg(quote_ident(key), ', '),
+      string_agg(quote_nullable(value), ', ')
+    )
+    FROM jsonb_each_text(v_insert_data) kv(key, value)
+  ) INTO v_user_id;
+
+  -- Return profile (Token generation happens in Runtime layer)
+  RETURN dzql_v2._profile(v_user_id);
+EXCEPTION
+  WHEN unique_violation THEN
+    RAISE EXCEPTION 'validation_error: Email already exists' USING ERRCODE = '23505';
 END;
 $$;
 
--- Login User
-CREATE OR REPLACE FUNCTION dzql_v2.login_user(p_params jsonb)
+-- Login user
+-- p_email: User's email address
+-- p_password: User's password
+CREATE OR REPLACE FUNCTION dzql_v2.login_user(p_email text, p_password text)
 RETURNS jsonb
 LANGUAGE plpgsql
 SECURITY DEFINER
@@ -122,17 +160,20 @@ AS $$
 DECLARE
   v_user record;
 BEGIN
-  SELECT * INTO v_user FROM users WHERE email = p_params->>'email';
+  SELECT id, email, password_hash
+  INTO v_user
+  FROM users
+  WHERE email = p_email;
 
-  IF v_user IS NULL OR v_user.password_hash != crypt(p_params->>'password', v_user.password_hash) THEN
-    RAISE EXCEPTION 'permission_denied: invalid credentials';
+  IF NOT FOUND THEN
+    RAISE EXCEPTION 'permission_denied: invalid credentials' USING ERRCODE = '28000';
   END IF;
 
-  RETURN jsonb_build_object(
-    'user_id', v_user.id,
-    'email', v_user.email,
-    'name', v_user.name
-  );
+  IF NOT (v_user.password_hash = crypt(p_password, v_user.password_hash)) THEN
+    RAISE EXCEPTION 'permission_denied: invalid credentials' USING ERRCODE = '28000';
+  END IF;
+
+  RETURN dzql_v2._profile(v_user.id);
 END;
 $$;
 `;

package/src/cli/codegen/types.ts

@@ -22,7 +22,8 @@ const PARAM_TYPE_MAP: Record<string, string> = {
   'number': 'number',
   'boolean': 'boolean',
   'date': 'string',
-  'timestamptz': 'string'
+  'timestamptz': 'string',
+  'object': 'Record<string, unknown>'
 };
 
 export function generateTypeDefinitions(
@@ -132,14 +133,18 @@ export type FilterValue<T> = T | FilterOperators<T>;
 
         // Add includes as optional fields
         if (sub.includes) {
+          const rootEntityIR = entities[rootEntity];
+          const rootColumns = new Set(rootEntityIR.columns.map(c => c.name));
+
           for (const [includeKey, includeIR] of Object.entries(sub.includes)) {
             const includeEntity = includeIR.entity;
             const includeEntityPascal = toPascalCase(includeEntity);
 
-            // Determine if it's an array (one-to-many) or single (many-to-one)
-            // For now, assume arrays unless the include key matches a FK pattern
-            const isArray = !includeKey.endsWith('_id') && includeKey !== rootEntity;
-            const includeType = isArray ? `${includeEntityPascal}[]` : includeEntityPascal;
+            // Determine if it's many-to-one (singular) or one-to-many (array)
+            // If root entity has a column `{includeKey}_id`, it's many-to-one
+            const fkColumn = `${includeKey}_id`;
+            const isManyToOne = rootColumns.has(fkColumn);
+            const includeType = isManyToOne ? includeEntityPascal : `${includeEntityPascal}[]`;
 
             output += `  ${includeKey}?: ${includeType};\n`;
           }
@@ -177,7 +182,9 @@ export type FilterValue<T> = T | FilterOperators<T>;
     output += `export interface RegisterParams {\n`;
     for (const [paramName, paramType] of Object.entries(auth.registerParams)) {
       const tsType = PARAM_TYPE_MAP[paramType] || paramType;
-      output += `  ${paramName}: ${tsType};\n`;
+      // options is optional (p_options jsonb DEFAULT NULL)
+      const optional = paramName === 'options' ? '?' : '';
+      output += `  ${paramName}${optional}: ${tsType};\n`;
     }
     output += `}\n\n`;
 

package/src/cli/compiler/ir.ts

@@ -241,7 +241,7 @@ export function generateIR(domain: DomainConfig): DomainIR {
     auth = {
       userFields: domain.auth.userFields || {},
       loginParams: domain.auth.loginParams || { email: 'string', password: 'string' },
-      registerParams: domain.auth.registerParams || { email: 'string', password: 'string' }
+      registerParams: domain.auth.registerParams || { email: 'string', password: 'string', options: 'object' }
     };
   } else if (entities['users']) {
     // Derive auth config from users entity
@@ -264,7 +264,7 @@ export function generateIR(domain: DomainConfig): DomainIR {
     auth = {
       userFields,
       loginParams: { email: 'string', password: 'string' },
-      registerParams: { email: 'string', password: 'string' }
+      registerParams: { email: 'string', password: 'string', options: 'object' }
     };
   }
 

package/src/cli/index.ts

@@ -2,7 +2,7 @@
 import { loadDomain } from "./compiler/loader.js";
 import { analyzeDomain } from "./compiler/analyzer.js";
 import { generateIR } from "./compiler/ir.js";
-import { generateCoreSQL, generateEntitySQL, generateSchemaSQL } from "./codegen/sql.js";
+import { generateCoreSQL, generateAuthSQL, generateEntitySQL, generateSchemaSQL } from "./codegen/sql.js";
 import { generateSubscribableSQL, generateComputeAffectedKeysFunction } from "./codegen/subscribable_sql.js";
 import { generateManifest } from "./codegen/manifest.js";
 import { generateSubscribableStore } from "./codegen/subscribable_store.js";
@@ -107,10 +107,14 @@ async function main() {
       writeFileSync(resolve(dbDir, `000_core.sql`), coreSQL);
       const timestamp = new Date().toISOString().replace(/[:.-]/g, '');
 
-      // Combine entity SQL with custom functions
-      const schemaContent = customFunctionSQL.length > 0
-        ? entitySQL.join('\n') + '\n\n-- Custom Functions\n' + customFunctionSQL.join('\n\n')
-        : entitySQL.join('\n');
+      // Combine entity SQL with auth functions and custom functions
+      // Auth functions must come after schema (they depend on users table)
+      const authSQL = generateAuthSQL();
+      let schemaContent = entitySQL.join('\n');
+      schemaContent += '\n\n-- Auth Functions\n' + authSQL;
+      if (customFunctionSQL.length > 0) {
+        schemaContent += '\n\n-- Custom Functions\n' + customFunctionSQL.join('\n\n');
+      }
       writeFileSync(resolve(dbDir, `${timestamp}_schema.sql`), schemaContent);
 
       if (customFunctionSQL.length > 0) {

package/src/runtime/server.ts

@@ -53,8 +53,8 @@ export async function handleRequest(
   try {
     // Construct params array based on manifest definition
     // args: ["p_user_id", "p_data"] -> [$1, $2]
-    // args: ["p_params"] -> [$2] (since $2 is the data param)
-    // We map: p_user_id -> userId ($1), p_data/p_pk/p_params -> params ($2)
+    // args: ["p_email", "p_password"] -> extract from params object
+    // We map: p_user_id -> userId, p_data/p_pk/p_params -> params (jsonb), individual args -> params[key]
 
     const dbParams = [];
     const sqlArgs = [];
@@ -66,8 +66,16 @@ export async function handleRequest(
             dbParams.push(userId);
             sqlArgs.push(`$${dbParams.length}`);
         } else if (arg === 'p_data' || arg === 'p_pk' || arg === 'p_query' || arg === 'p_params') {
+            // Pass entire params object as jsonb
             dbParams.push(params);
             sqlArgs.push(`$${dbParams.length}`);
+        } else if (arg.startsWith('p_')) {
+            // Individual param: extract from params object by field name
+            // e.g., p_email -> params.email, p_password -> params.password, p_options -> params.options
+            const fieldName = arg.slice(2); // Remove 'p_' prefix
+            const value = params?.[fieldName];
+            dbParams.push(value !== undefined ? value : null);
+            sqlArgs.push(`$${dbParams.length}`);
         } else {
             // Unknown arg? Pass null
             dbParams.push(null);