npm - frappebun - Versions diffs - 0.0.0 - Mend

frappebun 0.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

package/README.md +72 -0
package/package.json +59 -0
package/src/api/auth.ts +76 -0
package/src/api/index.ts +10 -0
package/src/api/resource.ts +177 -0
package/src/api/route.ts +301 -0
package/src/app/index.ts +6 -0
package/src/app/loader.ts +218 -0
package/src/auth/auth.ts +247 -0
package/src/auth/index.ts +2 -0
package/src/cli/args.ts +40 -0
package/src/cli/bin.ts +12 -0
package/src/cli/commands/add-api.ts +32 -0
package/src/cli/commands/add-doctype.ts +43 -0
package/src/cli/commands/add-page.ts +33 -0
package/src/cli/commands/add-user.ts +96 -0
package/src/cli/commands/dev.ts +71 -0
package/src/cli/commands/drop-site.ts +27 -0
package/src/cli/commands/init.ts +98 -0
package/src/cli/commands/migrate.ts +110 -0
package/src/cli/commands/new-site.ts +61 -0
package/src/cli/commands/routes.ts +56 -0
package/src/cli/commands/use.ts +30 -0
package/src/cli/index.ts +73 -0
package/src/cli/log.ts +13 -0
package/src/cli/scaffold/templates.ts +189 -0
package/src/context.ts +162 -0
package/src/core/doctype/migration/migration.ts +17 -0
package/src/core/doctype/role/role.ts +7 -0
package/src/core/doctype/session/session.ts +16 -0
package/src/core/doctype/user/user.controller.ts +11 -0
package/src/core/doctype/user/user.ts +22 -0
package/src/core/doctype/user_role/user_role.ts +9 -0
package/src/core/doctypes.ts +25 -0
package/src/core/index.ts +1 -0
package/src/database/database.ts +359 -0
package/src/database/filters.ts +131 -0
package/src/database/index.ts +30 -0
package/src/database/query-builder.ts +1118 -0
package/src/database/schema.ts +188 -0
package/src/doctype/define.ts +45 -0
package/src/doctype/discovery.ts +57 -0
package/src/doctype/field.ts +160 -0
package/src/doctype/index.ts +20 -0
package/src/doctype/layout.ts +62 -0
package/src/doctype/query-builder-stub.ts +16 -0
package/src/doctype/registry.ts +106 -0
package/src/doctype/types.ts +407 -0
package/src/document/document.ts +593 -0
package/src/document/index.ts +6 -0
package/src/document/naming.ts +56 -0
package/src/errors.ts +53 -0
package/src/frappe.d.ts +128 -0
package/src/globals.ts +72 -0
package/src/index.ts +112 -0
package/src/migrations/index.ts +11 -0
package/src/migrations/runner.ts +256 -0
package/src/permissions/index.ts +265 -0
package/src/response.ts +100 -0
package/src/server.ts +210 -0
package/src/site.ts +126 -0
package/src/ssr/handler.ts +56 -0
package/src/ssr/index.ts +11 -0
package/src/ssr/page-loader.ts +200 -0
package/src/ssr/renderer.ts +94 -0
package/src/ssr/use-context.ts +41 -0

package/src/auth/auth.ts ADDED Viewed

@@ -0,0 +1,247 @@
+/**
+ * Authentication — cookie-based sessions, login/logout, password hashing, API key auth, CSRF.
+ */
+import { randomUUIDv7 } from "bun"
+import { createHash } from "node:crypto"
+import type { FrappeDatabase } from "../database/database"
+const SESSION_COOKIE = "sid"
+const SESSION_EXPIRY_HOURS = 24
+export interface SessionInfo {
+  user: string
+  sid?: string
+  csrfToken?: string
+}
+export interface LoginResult {
+  user: string
+  fullName: string
+  sid: string
+  csrfToken: string
+  /** Ready-to-send Set-Cookie header value */
+  cookie: string
+}
+// ─── Typed DB result shapes ────────────────────────────────
+interface UserRow {
+  email: string
+  fullName: string
+  password: string | null
+  enabled: number
+  apiKey: string | null
+  apiSecret: string | null
+}
+interface SessionRow {
+  name: string
+  user: string
+  sid: string
+  csrfToken: string | null
+}
+// ─── Public API ───────────────────────────────────────────
+/**
+ * Resolve the current user from an incoming request.
+ * Checks API key header first, then session cookie.
+ */
+export async function resolveAuth(req: Request, db: FrappeDatabase): Promise<SessionInfo> {
+  // 1. API key: Authorization: Token <key>:<secret>
+  const authHeader = req.headers.get("Authorization")
+  if (authHeader?.startsWith("Token ")) {
+    const token = authHeader.slice(6)
+    const colonIdx = token.indexOf(":")
+    if (colonIdx !== -1) {
+      const apiKey = token.slice(0, colonIdx)
+      const apiSecret = token.slice(colonIdx + 1)
+      const user = await verifyApiKey(apiKey, apiSecret, db)
+      if (user) return { user }
+    }
+    return { user: "Guest" }
+  }
+  // 2. Session cookie
+  const cookieHeader = req.headers.get("Cookie")
+  if (cookieHeader) {
+    const sid = parseCookieValue(cookieHeader, SESSION_COOKIE)
+    if (sid) {
+      const session = await getActiveSession(sid, db)
+      if (session) {
+        await db.setValue("Session", session.name, "lastActive", new Date().toISOString())
+        return {
+          user: session.user,
+          sid: session.sid,
+          csrfToken: session.csrfToken ?? undefined,
+        }
+      }
+    }
+  }
+  return { user: "Guest" }
+}
+/**
+ * Authenticate with email and password. Returns session info or null on failure.
+ */
+export async function login(
+  email: string,
+  password: string,
+  db: FrappeDatabase,
+  req?: Request,
+): Promise<LoginResult | null> {
+  const user = (await db.getValue("User", { email }, [
+    "email",
+    "fullName",
+    "password",
+    "enabled",
+  ])) as UserRow | null
+  if (!user || !user.enabled || !user.password) return null
+  const valid = await Bun.password.verify(password, user.password)
+  if (!valid) return null
+  const sid = randomUUIDv7()
+  const csrfToken = createHash("sha256")
+    .update(`${sid}-${Date.now()}-${Math.random()}`)
+    .digest("hex")
+    .slice(0, 32)
+  const now = new Date().toISOString()
+  const expiresAt = new Date(Date.now() + SESSION_EXPIRY_HOURS * 3_600_000).toISOString()
+  const sessionName = randomUUIDv7()
+  db.insertRow("Session", {
+    name: sessionName,
+    user: email,
+    sid,
+    device: req ? parseDevice(req) : "desktop",
+    ipAddress: req?.headers.get("X-Forwarded-For") ?? "",
+    userAgent: req?.headers.get("User-Agent") ?? "",
+    expiresAt,
+    lastActive: now,
+    status: "Active",
+    csrfToken,
+    creation: now,
+    modified: now,
+    modifiedBy: email,
+    owner: email,
+    docstatus: 0,
+    idx: 0,
+  })
+  await db.setValue("User", email, "lastLogin", now)
+  const cookie = `${SESSION_COOKIE}=${sid}; HttpOnly; SameSite=Lax; Path=/; Max-Age=${SESSION_EXPIRY_HOURS * 3600}`
+  return { user: email, fullName: user.fullName, sid, csrfToken, cookie }
+}
+/**
+ * Invalidate a session. Returns a cookie header that clears the client cookie.
+ */
+export async function logout(sid: string, db: FrappeDatabase): Promise<string> {
+  const session = await getActiveSession(sid, db)
+  if (session) {
+    await db.setValue("Session", session.name, "status", "Logged Out")
+  }
+  return `${SESSION_COOKIE}=; HttpOnly; SameSite=Lax; Path=/; Max-Age=0`
+}
+/**
+ * Hash a password with bcrypt.
+ */
+export async function hashPassword(password: string): Promise<string> {
+  return Bun.password.hash(password, { algorithm: "bcrypt", cost: 12 })
+}
+/**
+ * Verify CSRF token. Passes for GET/HEAD/OPTIONS, API key auth, and matching tokens.
+ */
+export function verifyCsrf(req: Request, expectedToken: string | undefined): boolean {
+  const method = req.method.toUpperCase()
+  if (method === "GET" || method === "HEAD" || method === "OPTIONS") return true
+  if (req.headers.get("Authorization")?.startsWith("Token ")) return true
+  if (!expectedToken) return true
+  return req.headers.get("X-Frappe-CSRF-Token") === expectedToken
+}
+/**
+ * Create the Administrator user if it doesn't already exist.
+ */
+export async function ensureAdminUser(db: FrappeDatabase, password = "admin"): Promise<void> {
+  const exists = await db.exists("User", "Administrator")
+  if (exists) return
+  const now = new Date().toISOString()
+  db.insertRow("User", {
+    name: "Administrator",
+    email: "Administrator",
+    fullName: "Administrator",
+    enabled: 1,
+    password: await hashPassword(password),
+    userType: "System User",
+    language: "en",
+    creation: now,
+    modified: now,
+    modifiedBy: "Administrator",
+    owner: "Administrator",
+    docstatus: 0,
+    idx: 0,
+  })
+}
+// ─── Internal helpers ──────────────────────────────────────
+async function getActiveSession(sid: string, db: FrappeDatabase): Promise<SessionRow | null> {
+  try {
+    const rows = await db.sql(
+      `SELECT "name", "user", "sid", "csrfToken" FROM "Session" WHERE "sid" = ? AND "status" = 'Active' AND "expiresAt" > ? LIMIT 1`,
+      [sid, new Date().toISOString()],
+    )
+    const row = rows[0]
+    if (!row) return null
+    return {
+      name: String(row["name"]),
+      user: String(row["user"]),
+      sid: String(row["sid"]),
+      csrfToken: row["csrfToken"] != null ? String(row["csrfToken"]) : null,
+    }
+  } catch {
+    return null
+  }
+}
+async function verifyApiKey(
+  apiKey: string,
+  apiSecret: string,
+  db: FrappeDatabase,
+): Promise<string | null> {
+  try {
+    const user = (await db.getValue("User", { apiKey }, ["email", "apiSecret", "enabled"])) as Pick<
+      UserRow,
+      "email" | "apiSecret" | "enabled"
+    > | null
+    if (!user?.enabled || !user.apiSecret) return null
+    return (await Bun.password.verify(apiSecret, user.apiSecret)) ? user.email : null
+  } catch {
+    return null
+  }
+}
+function parseCookieValue(cookieHeader: string, name: string): string | undefined {
+  for (const cookie of cookieHeader.split(";")) {
+    const eqIdx = cookie.indexOf("=")
+    if (eqIdx === -1) continue
+    const key = cookie.slice(0, eqIdx).trim()
+    if (key === name) return cookie.slice(eqIdx + 1).trim()
+  }
+  return undefined
+}
+function parseDevice(req: Request): string {
+  return /mobile/i.test(req.headers.get("User-Agent") ?? "") ? "mobile" : "desktop"
+}

package/src/auth/index.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { resolveAuth, login, logout, hashPassword, verifyCsrf, ensureAdminUser } from "./auth"
2	+ export type { SessionInfo } from "./auth"

package/src/cli/args.ts ADDED Viewed

@@ -0,0 +1,40 @@
+/**
+ * Tiny argv parser. Supports positional args and `--flag [value]`.
+ */
+export interface CliArgs {
+  positional: string[]
+  flags: Record<string, string | boolean>
+}
+export function parseArgs(argv: string[]): CliArgs {
+  const positional: string[] = []
+  const flags: Record<string, string | boolean> = {}
+  for (let i = 0; i < argv.length; i++) {
+    const arg = argv[i]!
+    if (arg.startsWith("--")) {
+      const key = arg.slice(2)
+      const next = argv[i + 1]
+      if (next && !next.startsWith("--")) {
+        flags[key] = next
+        i++
+      } else {
+        flags[key] = true
+      }
+    } else {
+      positional.push(arg)
+    }
+  }
+  return { positional, flags }
+}
+export function flagString(args: CliArgs, key: string, fallback?: string): string | undefined {
+  const v = args.flags[key]
+  return typeof v === "string" ? v : fallback
+}
+export function flagBool(args: CliArgs, key: string): boolean {
+  return args.flags[key] === true || args.flags[key] === "true"
+}

package/src/cli/bin.ts ADDED Viewed

@@ -0,0 +1,12 @@
+#!/usr/bin/env bun
+/**
+ * frappe — CLI entry point (bin shim).
+ * This file is the `bin.frappe` target in package.json.
+ */
+import { main } from "./index.ts"
+main().catch((err: unknown) => {
+  console.error(err instanceof Error ? err.message : String(err))
+  process.exit(1)
+})

package/src/cli/commands/add-api.ts ADDED Viewed

@@ -0,0 +1,32 @@
+/**
+ * `frappe add-api <name>` — scaffold a new API route file.
+ */
+import { existsSync, mkdirSync, writeFileSync } from "node:fs"
+import { join } from "node:path"
+import { findProjectRoot, readAppMetadata } from "../../app/loader"
+import type { CliArgs } from "../args"
+import { log } from "../log"
+import { apiRouteTpl } from "../scaffold/templates"
+export function addApi(moduleDir: string, name: string): string {
+  const rel = `api/${name}.ts`
+  const file = join(moduleDir, rel)
+  if (existsSync(file)) throw new Error(`API file already exists: ${rel}`)
+  mkdirSync(join(file, ".."), { recursive: true })
+  writeFileSync(file, apiRouteTpl())
+  return rel
+}
+export async function run(args: CliArgs): Promise<void> {
+  const name = args.positional[0]
+  if (!name) {
+    log.error("Usage: frappe add-api <name>")
+    process.exit(1)
+  }
+  const root = findProjectRoot()
+  const app = readAppMetadata(root)
+  const created = addApi(join(root, app.name), name)
+  log.success(`${app.name}/${created}`)
+}

package/src/cli/commands/add-doctype.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * `frappe add-doctype <Name>` — scaffold a DocType directory + schema + controller.
+ */
+import { existsSync, mkdirSync, writeFileSync } from "node:fs"
+import { join } from "node:path"
+import { findProjectRoot, readAppMetadata } from "../../app/loader"
+import type { CliArgs } from "../args"
+import { log } from "../log"
+import { doctypeControllerTpl, doctypeSchemaTpl, slugify } from "../scaffold/templates"
+export interface AddDocTypeOptions {
+  moduleDir: string
+  /** Display name — e.g. "Sales Invoice". */
+  name: string
+}
+export function addDocType(opts: AddDocTypeOptions): string[] {
+  const slug = slugify(opts.name)
+  const dir = join(opts.moduleDir, "doctype", slug)
+  if (existsSync(dir)) throw new Error(`DocType already exists: ${slug}`)
+  mkdirSync(dir, { recursive: true })
+  writeFileSync(join(dir, `${slug}.ts`), doctypeSchemaTpl(opts.name))
+  writeFileSync(join(dir, `${slug}.controller.ts`), doctypeControllerTpl(opts.name))
+  return [`${slug}/${slug}.ts`, `${slug}/${slug}.controller.ts`]
+}
+export async function run(args: CliArgs): Promise<void> {
+  const name = args.positional[0]
+  if (!name) {
+    log.error('Usage: frappe add-doctype "<Name>"')
+    process.exit(1)
+  }
+  const root = findProjectRoot()
+  const app = readAppMetadata(root)
+  const moduleDir = join(root, app.name)
+  const created = addDocType({ moduleDir, name })
+  for (const f of created) log.success(`${app.name}/doctype/${f}`)
+}

package/src/cli/commands/add-page.ts ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * `frappe add-page <path>` — scaffold a new SSR page.
+ */
+import { existsSync, mkdirSync, writeFileSync } from "node:fs"
+import { join } from "node:path"
+import { findProjectRoot, readAppMetadata } from "../../app/loader"
+import type { CliArgs } from "../args"
+import { log } from "../log"
+import { pageTpl } from "../scaffold/templates"
+export function addPage(moduleDir: string, pagePath: string): string {
+  const normalized = pagePath.replace(/^\/+/, "").replace(/\.vue$/, "")
+  const rel = `pages/${normalized}.vue`
+  const file = join(moduleDir, rel)
+  if (existsSync(file)) throw new Error(`Page already exists: ${rel}`)
+  mkdirSync(join(file, ".."), { recursive: true })
+  writeFileSync(file, pageTpl())
+  return rel
+}
+export async function run(args: CliArgs): Promise<void> {
+  const path = args.positional[0]
+  if (!path) {
+    log.error("Usage: frappe add-page <path>")
+    process.exit(1)
+  }
+  const root = findProjectRoot()
+  const app = readAppMetadata(root)
+  const created = addPage(join(root, app.name), path)
+  log.success(`${app.name}/${created}`)
+}

package/src/cli/commands/add-user.ts ADDED Viewed

@@ -0,0 +1,96 @@
+/**
+ * `frappe add-user <email> [--name "Full Name"] [--password pw] [--site name]`
+ *
+ * Creates a User record in the site's database. Useful for local testing
+ * of login flows without needing the admin UI.
+ *
+ * Examples:
+ *   frappe add-user john@example.com
+ *   frappe add-user john@example.com --name "John Doe" --password secret123
+ *   frappe add-user john@example.com --site staging.localhost
+ */
+import { join } from "node:path"
+import { findProjectRoot } from "../../app/loader"
+import { hashPassword } from "../../auth/auth"
+import { registerCoreDocTypes } from "../../core/doctypes"
+import { FrappeDatabase } from "../../database/database"
+import { installGlobals } from "../../globals"
+import { getDefaultSite } from "../../site"
+import { flagString, type CliArgs } from "../args"
+import { log } from "../log"
+export interface AddUserOptions {
+  db: FrappeDatabase
+  email: string
+  fullName?: string
+  password?: string
+}
+export async function addUser(opts: AddUserOptions): Promise<void> {
+  const { db, email } = opts
+  const fullName = opts.fullName ?? email.split("@")[0] ?? email
+  const password = opts.password ?? "admin"
+  const exists = await db.exists("User", { email })
+  if (exists) throw new Error(`User "${email}" already exists`)
+  const now = new Date().toISOString()
+  db.insertRow("User", {
+    name: email,
+    email,
+    fullName,
+    enabled: 1,
+    password: await hashPassword(password),
+    userType: "System User",
+    language: "en",
+    creation: now,
+    modified: now,
+    modifiedBy: "Administrator",
+    owner: "Administrator",
+    docstatus: 0,
+    idx: 0,
+  })
+}
+export async function run(args: CliArgs): Promise<void> {
+  const email = args.positional[0]
+  if (!email) {
+    log.error(
+      "Usage: frappe add-user <email> [--name <full name>] [--password <pw>] [--site <name>]",
+    )
+    process.exit(1)
+  }
+  const root = findProjectRoot()
+  const sitesDir = join(root, "sites")
+  const fullName = flagString(args, "name")
+  const password = flagString(args, "password")
+  // Resolve site — honour --site flag, otherwise fall back to default site.
+  const siteName = flagString(args, "site") ?? getDefaultSite(sitesDir)
+  if (!siteName) {
+    log.error(
+      "Could not determine site. Use --site <name> or set default_site in common_site_config.json.",
+    )
+    process.exit(1)
+  }
+  installGlobals()
+  await registerCoreDocTypes()
+  const dbPath = join(sitesDir, siteName, "site.db")
+  const db = new FrappeDatabase(dbPath)
+  try {
+    db.migrate()
+    await addUser({ db, email, fullName, password })
+    log.info(``)
+    log.success(`${email} created on ${siteName}`)
+    if (!password) log.info(`    password: admin  (use --password to set a custom one)`)
+    log.info(``)
+  } finally {
+    db.close()
+  }
+}

package/src/cli/commands/dev.ts ADDED Viewed

@@ -0,0 +1,71 @@
+/**
+ * `frappe dev` — load the app, migrate all sites, boot the server.
+ *
+ * Phase 2 scope: no file watching or HMR.
+ */
+import { join } from "node:path"
+import { findProjectRoot, loadApp } from "../../app/loader"
+import { registerCoreDocTypes } from "../../core/doctypes"
+import { installGlobals } from "../../globals"
+import { createServer } from "../../server"
+import { createPageMatcher } from "../../ssr/handler"
+import { loadPages } from "../../ssr/page-loader"
+import { flagString, type CliArgs } from "../args"
+import { log } from "../log"
+import { migrate, discoverSites } from "./migrate"
+export async function run(args: CliArgs): Promise<void> {
+  const root = args.flags["root"] ? String(args.flags["root"]) : findProjectRoot()
+  const port = Number(flagString(args, "port", process.env["PORT"] ?? "8000"))
+  const onlySite = flagString(args, "site")
+  const sitesDir = join(root, "sites")
+  installGlobals()
+  await registerCoreDocTypes()
+  // ── Load app ──────────────────────────────────────────
+  const app = await loadApp(root)
+  const dtLabel = plural(app.loaded.doctypes, "DocType")
+  const apiLabel = plural(app.loaded.apiRoutes, "API route")
+  const pageLabel = plural(app.loaded.pages, "page")
+  log.info(``)
+  log.info(`  ${app.metadata.title}`)
+  log.info(`  ${dtLabel}  ·  ${apiLabel}  ·  ${pageLabel}`)
+  // ── Migrate ───────────────────────────────────────────
+  log.info(``)
+  const sites = onlySite ? [onlySite] : discoverSites(sitesDir)
+  const migrationResults = await migrate({ root, sitesDir, site: onlySite, quiet: true })
+  for (const { site, ran, failed } of migrationResults) {
+    if (failed) {
+      log.error(`  ${site}  —  migration failed`)
+    } else if (ran > 0) {
+      log.success(`  ${site}  —  ${plural(ran, "migration")} applied`)
+    } else {
+      log.success(`  ${site}  —  schema up to date`)
+    }
+  }
+  // ── Boot server ───────────────────────────────────────
+  const pages = await loadPages(app.moduleDir)
+  const pageMatcher = createPageMatcher(pages)
+  const server = await createServer({ port, sitesDir, pageMatcher, pageTitle: app.metadata.title })
+  log.info(``)
+  log.info(`  Ready on port ${server.port}`)
+  log.info(``)
+  for (const site of sites) {
+    log.info(`    http://${site}:${server.port}`)
+  }
+  log.info(``)
+}
+// ─── Helpers ──────────────────────────────────────────────
+function plural(n: number, word: string): string {
+  return `${n} ${word}${n === 1 ? "" : "s"}`
+}

package/src/cli/commands/drop-site.ts ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * `frappe drop-site <name>` — delete a site directory and its database.
+ */
+import { existsSync, rmSync } from "node:fs"
+import { join } from "node:path"
+import { findProjectRoot } from "../../app/loader"
+import type { CliArgs } from "../args"
+import { log } from "../log"
+export function dropSite(sitesDir: string, site: string): void {
+  const siteDir = join(sitesDir, site)
+  if (!existsSync(siteDir)) throw new Error(`Site does not exist: ${site}`)
+  rmSync(siteDir, { recursive: true, force: true })
+}
+export async function run(args: CliArgs): Promise<void> {
+  const site = args.positional[0]
+  if (!site) {
+    log.error("Usage: frappe drop-site <name>")
+    process.exit(1)
+  }
+  const sitesDir = join(findProjectRoot(), "sites")
+  dropSite(sitesDir, site)
+  log.success(`dropped ${site}`)
+}