lazyconvex 0.0.0

package/src/server/file.ts

@@ -0,0 +1,372 @@
+import type { ActionBuilder, GenericDataModel, MutationBuilder, QueryBuilder } from 'convex/server'
+
+import { anyApi } from 'convex/server'
+import { ConvexError, v } from 'convex/values'
+
+import type { DbLike, ErrorCode, FilterLike, IndexLike, Rec } from './types'
+
+import { isTestMode } from './test'
+
+interface FileActionCtx {
+  runMutation: (...a: unknown[]) => Promise<unknown>
+  runQuery: (...a: unknown[]) => Promise<unknown>
+  storage: FileStor
+}
+
+interface FileCtx {
+  db: DbLike
+  storage: FileStor
+}
+interface FileStor {
+  delete: (id: string) => Promise<void>
+  generateUploadUrl: () => Promise<string>
+  get: (id: string) => Promise<Blob | null>
+  getUrl: (id: string) => Promise<null | string>
+  store: (blob: Blob) => Promise<string>
+}
+
+interface FileUploadConfig<DM extends GenericDataModel = GenericDataModel> {
+  action: ActionBuilder<DM, 'public'>
+  allowedTypes?: Set<string>
+  getAuthUserId: (ctx: unknown) => Promise<null | string>
+  internalMutation: MutationBuilder<DM, 'internal'>
+  internalQuery: QueryBuilder<DM, 'internal'>
+  maxFileSize?: number
+  mutation: MutationBuilder<DM, 'public'>
+  namespace: string
+  query: QueryBuilder<DM, 'public'>
+}
+
+const DEFAULT_ALLOWED_TYPES = new Set([
+    'application/json',
+    'application/msword',
+    'application/pdf',
+    'application/vnd.ms-excel',
+    'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+    'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+    'image/gif',
+    'image/jpeg',
+    'image/png',
+    'image/svg+xml',
+    'image/webp',
+    'text/csv',
+    'text/plain'
+  ]),
+  DEFAULT_MAX_FILE_SIZE = 10 * 1024 * 1024,
+  CHUNK_SIZE = 5 * 1024 * 1024,
+  RATE_LIMIT_WINDOW = 60 * 1000,
+  MAX_UPLOADS_PER_WINDOW = 10,
+  cvErr = (code: ErrorCode, message?: string) => new ConvexError(message ? { code, message } : { code }),
+  makeFileUpload = <DM extends GenericDataModel>(config: FileUploadConfig<DM>) => {
+    const {
+        action,
+        allowedTypes = DEFAULT_ALLOWED_TYPES,
+        getAuthUserId,
+        internalMutation,
+        internalQuery,
+        maxFileSize = DEFAULT_MAX_FILE_SIZE,
+        mutation,
+        namespace,
+        query
+      } = config,
+      tPath = (anyApi as Rec)[namespace] as Rec,
+      authUserId = async (ctx: unknown) => getAuthUserId(ctx),
+      validateFileType = async (
+        storage: { delete: (id: string) => Promise<void> },
+        id: string,
+        contentType: string | undefined
+      ) => {
+        if (!allowedTypes.has(contentType ?? '')) {
+          await storage.delete(id)
+          throw cvErr('INVALID_FILE_TYPE', `File type ${contentType} not allowed`)
+        }
+      },
+      validateFileSize = async (storage: { delete: (id: string) => Promise<void> }, id: string, size: number) => {
+        if (size > maxFileSize) {
+          await storage.delete(id)
+          throw cvErr('FILE_TOO_LARGE', `File size ${size} exceeds ${maxFileSize} bytes`)
+        }
+      },
+      checkRateLimit = async (db: DbLike, userId: string) => {
+        const now = Date.now(),
+          cutoff = now - RATE_LIMIT_WINDOW,
+          recent = await db
+            .query('uploadRateLimit')
+            .withIndex('by_user', ((q: IndexLike) => q.eq('userId', userId)) as never)
+            .filter((q: FilterLike) => q.gte(q.field('timestamp'), cutoff))
+            .collect()
+        if (recent.length >= MAX_UPLOADS_PER_WINDOW) throw cvErr('RATE_LIMITED')
+        await db.insert('uploadRateLimit', { timestamp: now, userId })
+        const old = await db
+          .query('uploadRateLimit')
+          .withIndex('by_user', ((q: IndexLike) => q.eq('userId', userId)) as never)
+          .filter((q: FilterLike) => q.lt(q.field('timestamp'), cutoff))
+          .collect()
+        await Promise.all(old.map(async (r: Rec) => db.delete(r._id as string)))
+      },
+      upload = mutation({
+        handler: async (c: FileCtx) => {
+          const userId = await authUserId(c)
+          if (!userId) throw cvErr('NOT_AUTHENTICATED')
+          if (!isTestMode()) await checkRateLimit(c.db, userId)
+          return c.storage.generateUploadUrl()
+        }
+      } as never),
+      validate = mutation({
+        args: { id: v.id('_storage') },
+        handler: async (c: FileCtx, { id }: { id: string }) => {
+          const userId = await authUserId(c)
+          if (!userId) throw cvErr('NOT_AUTHENTICATED')
+          const meta = await c.db.system.get(id)
+          if (!meta) throw cvErr('FILE_NOT_FOUND')
+          await validateFileType(c.storage, id, meta.contentType as string)
+          await validateFileSize(c.storage, id, meta.size as number)
+          return { contentType: meta.contentType, size: meta.size, valid: true }
+        }
+      } as never),
+      info = query({
+        args: { id: v.id('_storage') },
+        handler: async (c: FileCtx, { id }: { id: string }) => {
+          const userId = await authUserId(c)
+          if (!userId) throw cvErr('NOT_AUTHENTICATED')
+          const [meta, url] = await Promise.all([c.db.system.get(id), c.storage.getUrl(id)])
+          return meta ? { ...meta, url } : null
+        }
+      } as never),
+      startChunkedUpload = mutation({
+        args: {
+          contentType: v.string(),
+          fileName: v.string(),
+          totalChunks: v.number(),
+          totalSize: v.number()
+        },
+        handler: async (
+          c: FileCtx,
+          {
+            contentType,
+            fileName,
+            totalChunks,
+            totalSize
+          }: { contentType: string; fileName: string; totalChunks: number; totalSize: number }
+        ) => {
+          const userId = await authUserId(c)
+          if (!userId) throw cvErr('NOT_AUTHENTICATED')
+          if (!isTestMode()) await checkRateLimit(c.db, userId)
+          if (!allowedTypes.has(contentType)) throw cvErr('INVALID_FILE_TYPE', `File type ${contentType} not allowed`)
+          if (totalSize > maxFileSize) throw cvErr('FILE_TOO_LARGE', `File size ${totalSize} exceeds ${maxFileSize} bytes`)
+          const uploadId = `${userId}_${Date.now()}_${Math.random().toString(36).slice(2)}`
+          await c.db.insert('uploadSession', {
+            completedChunks: 0,
+            contentType,
+            fileName,
+            status: 'pending',
+            totalChunks,
+            totalSize,
+            uploadId,
+            userId
+          })
+          return { uploadId }
+        }
+      } as never),
+      uploadChunk = mutation({
+        args: {
+          chunkIndex: v.number(),
+          uploadId: v.string()
+        },
+        handler: async (c: FileCtx, { chunkIndex, uploadId }: { chunkIndex: number; uploadId: string }) => {
+          const userId = await authUserId(c)
+          if (!userId) throw cvErr('NOT_AUTHENTICATED')
+          const session = await c.db
+            .query('uploadSession')
+            .withIndex('by_upload_id', ((q: IndexLike) => q.eq('uploadId', uploadId)) as never)
+            .unique()
+          if (!session) throw cvErr('SESSION_NOT_FOUND')
+          if (session.userId !== userId) throw cvErr('UNAUTHORIZED')
+          if (session.status !== 'pending') throw cvErr('INVALID_SESSION_STATE')
+          const existing = await c.db
+            .query('uploadChunk')
+            .withIndex('by_upload', ((q: IndexLike) => q.eq('uploadId', uploadId)) as never)
+            .filter((q: FilterLike) => q.eq(q.field('chunkIndex'), chunkIndex))
+            .unique()
+          if (existing) throw cvErr('CHUNK_ALREADY_UPLOADED')
+          return c.storage.generateUploadUrl()
+        }
+      } as never),
+      confirmChunk = mutation({
+        args: {
+          chunkIndex: v.number(),
+          storageId: v.id('_storage'),
+          uploadId: v.string()
+        },
+        handler: async (
+          c: FileCtx,
+          { chunkIndex, storageId, uploadId }: { chunkIndex: number; storageId: string; uploadId: string }
+        ) => {
+          const userId = await authUserId(c)
+          if (!userId) throw cvErr('NOT_AUTHENTICATED')
+          const session = await c.db
+            .query('uploadSession')
+            .withIndex('by_upload_id', ((q: IndexLike) => q.eq('uploadId', uploadId)) as never)
+            .unique()
+          if (!session) throw cvErr('SESSION_NOT_FOUND')
+          if (session.userId !== userId) throw cvErr('UNAUTHORIZED')
+          await c.db.insert('uploadChunk', {
+            chunkIndex,
+            storageId,
+            totalChunks: session.totalChunks,
+            uploadId,
+            userId
+          })
+          const chunks = await c.db
+            .query('uploadChunk')
+            .withIndex('by_upload', ((q: IndexLike) => q.eq('uploadId', uploadId)) as never)
+            .collect()
+          await c.db.patch(session._id as string, {
+            completedChunks: chunks.length
+          })
+          const allUploaded = chunks.length === session.totalChunks
+          return {
+            allUploaded,
+            completedChunks: chunks.length,
+            totalChunks: session.totalChunks
+          }
+        }
+      } as never),
+      getSessionForAssembly = internalQuery({
+        args: { uploadId: v.string() },
+        handler: async (c: { db: DbLike }, { uploadId }: { uploadId: string }) => {
+          const session = await c.db
+            .query('uploadSession')
+            .withIndex('by_upload_id', ((q: IndexLike) => q.eq('uploadId', uploadId)) as never)
+            .unique()
+          if (!session) return null
+          const chunks = await c.db
+            .query('uploadChunk')
+            .withIndex('by_upload', ((q: IndexLike) => q.eq('uploadId', uploadId)) as never)
+            .collect()
+          if (chunks.length !== session.totalChunks) throw cvErr('INCOMPLETE_UPLOAD')
+          return { ...session, chunks }
+        }
+      } as never),
+      finalizeAssembly = internalMutation({
+        args: {
+          chunkStorageIds: v.array(v.id('_storage')),
+          finalStorageId: v.id('_storage'),
+          uploadId: v.string()
+        },
+        handler: async (
+          c: FileCtx,
+          {
+            chunkStorageIds,
+            finalStorageId,
+            uploadId
+          }: { chunkStorageIds: string[]; finalStorageId: string; uploadId: string }
+        ) => {
+          const session = await c.db
+            .query('uploadSession')
+            .withIndex('by_upload_id', ((q: IndexLike) => q.eq('uploadId', uploadId)) as never)
+            .unique()
+          if (!session) throw cvErr('SESSION_NOT_FOUND')
+          await c.db.patch(session._id as string, { finalStorageId, status: 'completed' })
+          const chunks = await c.db
+            .query('uploadChunk')
+            .withIndex('by_upload', ((q: IndexLike) => q.eq('uploadId', uploadId)) as never)
+            .collect()
+          await Promise.all([
+            ...chunkStorageIds.map(async (id: string) => c.storage.delete(id)),
+            ...chunks.map(async (chunk: Rec) => c.db.delete(chunk._id as string))
+          ])
+        }
+      } as never),
+      assembleChunks = action({
+        args: { uploadId: v.string() },
+        handler: async (
+          c: FileActionCtx,
+          { uploadId }: { uploadId: string }
+        ): Promise<{ contentType: string; size: number; storageId: string }> => {
+          const session = (await c.runQuery(tPath.getSessionForAssembly, { uploadId })) as null | Rec
+          if (!session) throw cvErr('SESSION_NOT_FOUND')
+          if (session.status !== 'pending') throw cvErr('INVALID_SESSION_STATE')
+          const sortedChunks = (session.chunks as Rec[]).toSorted(
+              (a: Rec, b: Rec) => (a.chunkIndex as number) - (b.chunkIndex as number)
+            ),
+            chunkBlobs = await Promise.all(
+              sortedChunks.map(async (chunk: Rec) => {
+                const blob = await c.storage.get(chunk.storageId as string)
+                if (!blob) throw cvErr('CHUNK_NOT_FOUND')
+                return blob
+              })
+            ),
+            combinedBlob = new Blob(chunkBlobs, { type: session.contentType as string }),
+            finalStorageId = await c.storage.store(combinedBlob)
+          await c.runMutation(tPath.finalizeAssembly, {
+            chunkStorageIds: sortedChunks.map((ch: Rec) => ch.storageId),
+            finalStorageId,
+            uploadId
+          })
+          return {
+            contentType: session.contentType as string,
+            size: session.totalSize as number,
+            storageId: finalStorageId
+          }
+        }
+      } as never),
+      cancelChunkedUpload = mutation({
+        args: { uploadId: v.string() },
+        handler: async (c: FileCtx, { uploadId }: { uploadId: string }) => {
+          const userId = await authUserId(c)
+          if (!userId) throw cvErr('NOT_AUTHENTICATED')
+          const session = await c.db
+            .query('uploadSession')
+            .withIndex('by_upload_id', ((q: IndexLike) => q.eq('uploadId', uploadId)) as never)
+            .unique()
+          if (!session) throw cvErr('SESSION_NOT_FOUND')
+          if (session.userId !== userId) throw cvErr('UNAUTHORIZED')
+          const chunks = await c.db
+            .query('uploadChunk')
+            .withIndex('by_upload', ((q: IndexLike) => q.eq('uploadId', uploadId)) as never)
+            .collect()
+          await Promise.all(chunks.map(async (chunk: Rec) => c.storage.delete(chunk.storageId as string)))
+          await Promise.all(chunks.map(async (chunk: Rec) => c.db.delete(chunk._id as string)))
+          await c.db.patch(session._id as string, { status: 'failed' })
+          return { cancelled: true }
+        }
+      } as never),
+      getUploadProgress = query({
+        args: { uploadId: v.string() },
+        handler: async (c: { db: DbLike }, { uploadId }: { uploadId: string }) => {
+          const userId = await authUserId(c)
+          if (!userId) throw cvErr('NOT_AUTHENTICATED')
+          const session = await c.db
+            .query('uploadSession')
+            .withIndex('by_upload_id', ((q: IndexLike) => q.eq('uploadId', uploadId)) as never)
+            .unique()
+          if (!session) return null
+          if (session.userId !== userId) throw cvErr('UNAUTHORIZED')
+          return {
+            completedChunks: session.completedChunks,
+            finalStorageId: session.finalStorageId,
+            progress: Math.round(((session.completedChunks as number) / (session.totalChunks as number)) * 100),
+            status: session.status,
+            totalChunks: session.totalChunks
+          }
+        }
+      } as never)
+    return {
+      assembleChunks,
+      cancelChunkedUpload,
+      CHUNK_SIZE,
+      confirmChunk,
+      finalizeAssembly,
+      getSessionForAssembly,
+      getUploadProgress,
+      info,
+      startChunkedUpload,
+      upload,
+      uploadChunk,
+      validate
+    }
+  }
+
+export type { FileUploadConfig }
+export { CHUNK_SIZE, makeFileUpload }

package/src/server/helpers.ts

@@ -0,0 +1,214 @@
+/* eslint-disable no-await-in-loop, no-continue, max-statements */
+// biome-ignore-all lint/performance/noAwaitInLoops: x
+// biome-ignore-all lint/nursery/noContinue: x
+import type { ZodRawShape } from 'zod/v4'
+
+import { ConvexError } from 'convex/values'
+import { nullable, number, object, string } from 'zod/v4'
+
+import type {
+  ChildConfig,
+  ComparisonOp,
+  DbLike,
+  ErrorCode,
+  FID,
+  MutationCtxLike,
+  PaginationOptsShape,
+  QueryCtxLike,
+  StorageLike,
+  WithUrls
+} from './types'
+
+import { cvFileKindOf } from '../zod'
+
+const log = (level: 'debug' | 'error' | 'info' | 'warn', msg: string, data?: Record<string, unknown>) => {
+    console[level](JSON.stringify({ level, msg, ts: Date.now(), ...data }))
+  },
+  isRecord = (v: unknown): v is Record<string, unknown> => Boolean(v) && typeof v === 'object',
+  isComparisonOp = (val: unknown): val is ComparisonOp<unknown> =>
+    typeof val === 'object' &&
+    val !== null &&
+    ('$gt' in val || '$gte' in val || '$lt' in val || '$lte' in val || '$between' in val),
+  pgOpts = object({
+    cursor: nullable(string()),
+    endCursor: nullable(string()).optional(),
+    id: number().optional(),
+    maximumBytesRead: number().optional(),
+    maximumRowsRead: number().optional(),
+    numItems: number()
+  } satisfies PaginationOptsShape),
+  cascadeFor = (
+    parent: string,
+    children: Record<string, ChildConfig>
+  ): {
+    foreignKey: string
+    table: string
+  }[] => {
+    const result: { foreignKey: string; table: string }[] = []
+    for (const [table, c] of Object.entries(children))
+      if (c.parent === parent) result.push({ foreignKey: c.foreignKey, table })
+    return result
+  },
+  detectFiles = <S extends ZodRawShape>(s: S) => (Object.keys(s) as (keyof S & string)[]).filter(k => cvFileKindOf(s[k])),
+  err = (code: ErrorCode, debug?: string): never => {
+    throw new ConvexError(debug ? { code, debug } : { code })
+  },
+  noFetcher = (): never => err('NO_FETCHER'),
+  time = () => ({ updatedAt: Date.now() }),
+  getUser = async ({
+    ctx,
+    db,
+    getAuthUserId
+  }: {
+    ctx: MutationCtxLike | QueryCtxLike
+    db: DbLike
+    getAuthUserId: (c: never) => Promise<null | string>
+  }): Promise<Record<string, unknown> & { _id: string }> => {
+    const uid = await getAuthUserId(ctx as never)
+    if (!uid) return err('NOT_AUTHENTICATED')
+    const u = await db.get(uid)
+    return (u ?? err('USER_NOT_FOUND')) as Record<string, unknown> & { _id: string }
+  },
+  ownGet =
+    (db: DbLike, userId: string) =>
+    async (id: string): Promise<Record<string, unknown>> => {
+      const d = await db.get(id)
+      return d && (d as { userId?: string }).userId === userId ? d : err('NOT_FOUND')
+    },
+  readCtx = <D = DbLike, S = StorageLike>({ db, storage, viewerId }: { db: D; storage: S; viewerId: null | string }) => ({
+    db,
+    storage,
+    viewerId,
+    withAuthor: async <T extends { userId: string }>(docs: T[]) => {
+      const ids = [...new Set(docs.map(d => d.userId))],
+        users = await Promise.all(ids.map(async id => (db as DbLike).get(id))),
+        map = new Map(ids.map((id, i) => [id, users[i]] as const))
+      return docs.map(d => ({ ...d, author: map.get(d.userId) ?? null, own: viewerId ? viewerId === d.userId : null }))
+    }
+  }),
+  toId = (x: unknown): FID | null => (typeof x === 'string' ? (x as FID) : null),
+  cleanFiles = async (opts: {
+    doc: Record<string, unknown>
+    fileFields: string[]
+    next?: Record<string, unknown>
+    storage: StorageLike
+  }) => {
+    const { doc, fileFields, next, storage } = opts
+    if (!fileFields.length) return
+    const del = new Set<FID>()
+    for (const f of fileFields) {
+      const prev = doc[f]
+      if (prev === null) continue
+      const pArr = Array.isArray(prev) ? prev : [prev]
+      if (!next) {
+        for (const p of pArr) {
+          const id = toId(p)
+          if (id) del.add(id)
+        }
+        continue
+      }
+      if (!Object.hasOwn(next, f)) continue
+      const nv = next[f],
+        keep = new Set(Array.isArray(nv) ? nv : nv ? [nv] : [])
+      for (const p of pArr)
+        if (!keep.has(p as FID)) {
+          const id = toId(p)
+          if (id) del.add(id)
+        }
+    }
+    if (del.size) await Promise.all([...del].map(async id => storage.delete(id)))
+  },
+  addUrls = async <D extends Record<string, unknown>>({
+    doc,
+    fileFields,
+    storage
+  }: {
+    doc: D
+    fileFields: string[]
+    storage: StorageLike
+  }): Promise<WithUrls<D>> => {
+    if (!fileFields.length) return doc as WithUrls<D>
+    const o = { ...doc } as Record<string, unknown>,
+      getUrl = async (x: unknown) => {
+        const id = toId(x)
+        return id ? storage.getUrl(id) : null
+      }
+    for (const f of fileFields) {
+      const fv = doc[f]
+      if (fv !== null)
+        o[Array.isArray(fv) ? `${f}Urls` : `${f}Url`] = Array.isArray(fv)
+          ? await Promise.all(fv.map(getUrl))
+          : await getUrl(fv)
+    }
+    return o as WithUrls<D>
+  },
+  matchField = (docVal: unknown, filterVal: unknown): boolean => {
+    if (isComparisonOp(filterVal)) {
+      const dv = docVal as number
+      if (filterVal.$gt !== undefined && !(dv > (filterVal.$gt as number))) return false
+      if (filterVal.$gte !== undefined && !(dv >= (filterVal.$gte as number))) return false
+      if (filterVal.$lt !== undefined && !(dv < (filterVal.$lt as number))) return false
+      if (filterVal.$lte !== undefined && !(dv <= (filterVal.$lte as number))) return false
+      if (filterVal.$between !== undefined) {
+        const [min, max] = filterVal.$between as [number, number]
+        if (!(dv >= min && dv <= max)) return false
+      }
+      return true
+    }
+    return Object.is(docVal, filterVal)
+  },
+  groupList = <WG extends Record<string, unknown> & { own?: boolean }>(w?: WG & { or?: WG[] }): WG[] =>
+    w
+      ? [{ ...w, or: undefined } as WG, ...(w.or ?? [])].filter(
+          g => g.own ?? Object.keys(g).some(k => k !== 'own' && g[k] !== undefined)
+        )
+      : [],
+  matchW = <WG extends Record<string, unknown> & { own?: boolean }>(
+    doc: Record<string, unknown>,
+    w: undefined | (WG & { or?: WG[] }),
+    vid?: null | string
+  ) => {
+    const gs = groupList(w)
+    if (!gs.length) return true
+    for (const g of gs) {
+      const ok = Object.entries(g).every(
+        ([k, vl]: [string, unknown]) => k === 'own' || vl === undefined || matchField(doc[k], vl)
+      )
+      if (ok && (!g.own || vid === (doc as { userId?: string }).userId)) return true
+    }
+    return false
+  },
+  pickFields = (data: Record<string, unknown>, keys: string[]): Record<string, unknown> => {
+    const result: Record<string, unknown> = {}
+    for (const k of keys) if (k in data) result[k] = data[k]
+    return result
+  },
+  errValidation = (
+    code: ErrorCode,
+    zodError: { flatten: () => { fieldErrors: Record<string, string[] | undefined> } }
+  ): never => {
+    const { fieldErrors } = zodError.flatten(),
+      fields = Object.keys(fieldErrors)
+    throw new ConvexError({ code, fields, message: fields.length ? `Invalid: ${fields.join(', ')}` : 'Validation failed' })
+  }
+
+export {
+  addUrls,
+  cascadeFor,
+  cleanFiles,
+  detectFiles,
+  err,
+  errValidation,
+  getUser,
+  groupList,
+  isComparisonOp,
+  isRecord,
+  log,
+  matchW,
+  noFetcher,
+  ownGet,
+  pgOpts,
+  pickFields,
+  readCtx,
+  time
+}

package/src/server/index.ts

@@ -0,0 +1,12 @@
+export { checkSchema } from './check-schema'
+export { getErrorCode, getErrorMessage, isRecord } from './error'
+export { makeFileUpload } from './file'
+export { err, time } from './helpers'
+export { makeOrg } from './org'
+export type { InviteDocLike, JoinRequestItem, OrgDocLike, OrgMemberItem, OrgUserLike } from './org'
+export { orgCascade } from './org-crud'
+export { canEdit, getOrgMember, getOrgRole, requireOrgMember, requireOrgRole } from './org-helpers'
+export { baseTable, orgChildTable, orgTable, orgTables, ownedTable, uploadTables } from './schema-helpers'
+export { setup } from './setup'
+export { makeTestAuth } from './test'
+export { getOrgMembership, makeOrgTestCrud } from './test-crud'