npm - meadow-endpoints - Versions diffs - 4.0.22 → 4.0.23 - Mend

meadow-endpoints 4.0.22 → 4.0.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

package/README.md +8 -15
package/diagrams/how-it-works.excalidraw +1462 -0
package/diagrams/how-it-works.mmd +9 -0
package/diagrams/how-it-works.svg +2 -0
package/dist/meadow-endpoints.js +516 -221
package/dist/meadow-endpoints.js.map +1 -1
package/dist/meadow-endpoints.min.js +18 -18
package/dist/meadow-endpoints.min.js.map +1 -1
package/docs/README.md +9 -25
package/docs/_cover.md +9 -0
package/docs/_sidebar.md +1 -0
package/docs/_version.json +3 -3
package/docs/architecture.md +119 -0
package/docs/crud/README.md +6 -6
package/docs/diagrams/behavior-injection-hook-points.excalidraw +677 -0
package/docs/diagrams/behavior-injection-hook-points.mmd +9 -0
package/docs/diagrams/behavior-injection-hook-points.svg +2 -0
package/docs/diagrams/how-it-works.excalidraw +2777 -0
package/docs/diagrams/how-it-works.mmd +16 -0
package/docs/diagrams/how-it-works.svg +2 -0
package/docs/diagrams/how-routes-are-generated.excalidraw +1237 -0
package/docs/diagrams/how-routes-are-generated.mmd +13 -0
package/docs/diagrams/how-routes-are-generated.svg +2 -0
package/docs/diagrams/request-lifecycle.excalidraw +1897 -0
package/docs/diagrams/request-lifecycle.mmd +22 -0
package/docs/diagrams/request-lifecycle.svg +2 -0
package/docs/diagrams/where-it-sits-in-the-stack.excalidraw +2068 -0
package/docs/diagrams/where-it-sits-in-the-stack.mmd +19 -0
package/docs/diagrams/where-it-sits-in-the-stack.svg +2 -0
package/docs/index.html +2 -2
package/docs/quickstart.md +151 -0
package/docs/retold-catalog.json +155 -174
package/docs/retold-keyword-index.json +6593 -2920
package/package.json +8 -8
package/source/controller/Meadow-Endpoints-Controller-Base.js +40 -0
package/source/endpoints/count/Meadow-Endpoint-Count.js +1 -0
package/source/endpoints/count/Meadow-Endpoint-CountBy.js +1 -0
package/source/endpoints/create/Meadow-Operation-Create.js +1 -0
package/source/endpoints/delete/Meadow-Endpoint-Delete.js +1 -0
package/source/endpoints/delete/Meadow-Endpoint-Undelete.js +1 -0
package/source/endpoints/read/Meadow-Endpoint-Read.js +1 -0
package/source/endpoints/read/Meadow-Endpoint-ReadDistinctList.js +1 -0
package/source/endpoints/read/Meadow-Endpoint-ReadLiteList.js +1 -0
package/source/endpoints/read/Meadow-Endpoint-ReadMax.js +1 -0
package/source/endpoints/read/Meadow-Endpoint-ReadSelectList.js +1 -0
package/source/endpoints/read/Meadow-Endpoint-Reads.js +1 -0
package/source/endpoints/read/Meadow-Endpoint-ReadsBy.js +1 -0
package/source/endpoints/update/Meadow-Operation-Update.js +2 -0
package/source/endpoints/upsert/Meadow-Operation-Upsert.js +1 -0
package/test/MeadowEndpoints_SessionOverride_tests.js +75 -0
package/dist/indoctrinate_content_staging/Indoctrinate-Catalog-AppData.json +0 -4808

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "meadow-endpoints",
-  "version": "4.0.22",
+  "version": "4.0.23",
   "description": "Automatic API endpoints for Meadow data.",
   "main": "source/Meadow-Endpoints.js",
   "scripts": {
@@ -35,7 +35,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/stevenvelozo/meadow-endpoints.git"
+    "url": "https://github.com/fable-retold/meadow-endpoints.git"
   },
   "keywords": [
     "crud",
@@ -44,9 +44,9 @@
   "author": "Steven Velozo <steven@velozo.com> (http://velozo.com/)",
   "license": "MIT",
   "bugs": {
-    "url": "https://github.com/stevenvelozo/meadow-endpoints/issues"
+    "url": "https://github.com/fable-retold/meadow-endpoints/issues"
   },
-  "homepage": "https://github.com/stevenvelozo/meadow-endpoints",
+  "homepage": "https://github.com/fable-retold/meadow-endpoints",
   "devDependencies": {
     "alasql": "^4.17.2",
     "chance": "^1.1.13",
@@ -55,18 +55,18 @@
     "mysql2": "^3.22.1",
     "orator-serviceserver-restify": "^2.0.11",
     "papaparse": "^5.5.3",
-    "pict-docuserve": "^1.3.2",
-    "quackage": "^1.2.3",
+    "pict-docuserve": "^1.4.19",
+    "quackage": "^1.3.0",
     "supertest": "^7.2.2",
     "typescript": "^5.9.3",
     "why-is-node-running": "^3.2.2"
   },
   "dependencies": {
     "async": "3.2.6",
-    "fable": "^3.1.75",
+    "fable": "^3.1.78",
     "fable-serviceproviderbase": "^3.0.19",
     "JSONStream": "^1.3.5",
-    "meadow": "^2.0.41",
+    "meadow": "^2.0.46",
     "meadow-filter": "^1.0.10",
     "orator": "^6.1.2",
     "underscore": "^1.13.8"

package/source/controller/Meadow-Endpoints-Controller-Base.js CHANGED Viewed

@@ -155,6 +155,46 @@ class MeadowEndpointControllerBase
 	{
 		return this._SessionMarshaler.getSessionData(pRequest);
 	}
+	/**
+	 * Stamp the request's session onto a meadow query so a downstream provider
+	 * can act under the caller's identity.
+	 *
+	 * Today only the MeadowEndpoints provider consumes this — when a beacon
+	 * fronts a remote meadow-endpoints API it presents this session upstream
+	 * (instead of its bound machine session) so the remote enforces row-level
+	 * auth as the real caller. SQL providers ignore the parameter. The override
+	 * rides the per-operation FoxHound query (concurrency-safe).
+	 *
+	 * No-op for the default/anonymous session (UserID 0 / SessionID 0x0000) —
+	 * those carry no identity, so the provider keeps its existing behavior.
+	 *
+	 * @param {object} pRequestState - the request state (carries SessionData + Query)
+	 * @returns {void}
+	 */
+	stampSessionOverrideOnQuery(pRequestState)
+	{
+		if (!pRequestState || !pRequestState.Query || !pRequestState.SessionData)
+		{
+			return;
+		}
+		let tmpSession = pRequestState.SessionData;
+		let tmpSessionID = tmpSession.SessionID;
+		if (typeof(tmpSessionID) !== 'string' || tmpSessionID.length < 1 || tmpSessionID === '0x0000')
+		{
+			return;
+		}
+		if (pRequestState.Query.query && pRequestState.Query.query.parameters)
+		{
+			pRequestState.Query.query.parameters.MeadowEndpointsSessionOverride = (
+				{
+					SessionID: tmpSessionID,
+					CustomerID: tmpSession.CustomerID,
+					UserID: tmpSession.UserID,
+					UserRoleIndex: tmpSession.UserRoleIndex
+				});
+		}
+	}
 }
 module.exports = MeadowEndpointControllerBase;

package/source/endpoints/count/Meadow-Endpoint-Count.js CHANGED Viewed

@@ -11,6 +11,7 @@ const doAPIEndpointCount = function(pRequest, pResponse, fNext)
 			(fStageComplete) =>
 			{
 				tmpRequestState.Query = this.DAL.query;
+				this.stampSessionOverrideOnQuery(tmpRequestState);
 				if (typeof(pRequest.params.Filter) === 'string')
 				{
 					// If a filter has been passed in, parse it and add the values to the query.

package/source/endpoints/count/Meadow-Endpoint-CountBy.js CHANGED Viewed

@@ -11,6 +11,7 @@ const doAPIEndpointCountBy = function(pRequest, pResponse, fNext)
 			(fStageComplete) =>
 			{
 				tmpRequestState.Query = this.DAL.query;
+				this.stampSessionOverrideOnQuery(tmpRequestState);
 				tmpRequestState.Query.addFilter(pRequest.params.ByField, pRequest.params.ByValue, '=', 'AND', 'RequestByField');
 				return fStageComplete();
 			},

package/source/endpoints/create/Meadow-Operation-Create.js CHANGED Viewed

@@ -31,6 +31,7 @@ const doCreate = function(pRecord, pRequest, pRequestState, pResponse, fCallback
 		{
 			// Prepare create query
 			tmpRequestState.Query = this.DAL.query;
+			this.stampSessionOverrideOnQuery(tmpRequestState);
 			tmpRequestState.Query.setIDUser(tmpRequestState.SessionData.UserID);
 			tmpRequestState.Query.addRecord(tmpRequestState.RecordToCreate);
 			return fStageComplete();

package/source/endpoints/delete/Meadow-Endpoint-Delete.js CHANGED Viewed

@@ -36,6 +36,7 @@ const doAPIEndpointDelete = function(pRequest, pResponse, fNext)
 			(fStageComplete) =>
 			{
 				tmpRequestState.Query = this.DAL.query;
+				this.stampSessionOverrideOnQuery(tmpRequestState);
 				tmpRequestState.Query.addFilter(this.DAL.defaultIdentifier, tmpRequestState.IDRecord);
 				tmpRequestState.Query.setIDUser(tmpRequestState.SessionData.UserID);
 				return fStageComplete();

package/source/endpoints/delete/Meadow-Endpoint-Undelete.js CHANGED Viewed

@@ -54,6 +54,7 @@ const doAPIEndpointUndelete = function(pRequest, pResponse, fNext)
 			{
 				// Now see if the record, with this identifier, for this user, exists with the deleted bit set to 1
 				tmpRequestState.Query = this.DAL.query;
+				this.stampSessionOverrideOnQuery(tmpRequestState);
 				tmpRequestState.Query.addFilter(this.DAL.defaultIdentifier, tmpIDRecord);
 				tmpRequestState.Query.addFilter('Deleted', 1);
 				tmpRequestState.Query.setIDUser(tmpRequestState.SessionData.UserID);

package/source/endpoints/read/Meadow-Endpoint-Read.js CHANGED Viewed

@@ -11,6 +11,7 @@ const doAPIEndpointRead = function(pRequest, pResponse, fNext)
 			(fStageComplete) =>
 			{
 				tmpRequestState.Query = this.DAL.query;
+				this.stampSessionOverrideOnQuery(tmpRequestState);
 				return fStageComplete();
 			},
 			fBehaviorInjector(`Read-PreOperation`),

package/source/endpoints/read/Meadow-Endpoint-ReadDistinctList.js CHANGED Viewed

@@ -15,6 +15,7 @@ const doAPIEndpointReadDistinct = function(pRequest, pResponse, fNext)
 		(fStageComplete) =>
 		{
 			tmpRequestState.Query = this.DAL.query.setDistinct(true);
+			this.stampSessionOverrideOnQuery(tmpRequestState);
 			/** @type {number | boolean} */
 			let tmpCap = false;

package/source/endpoints/read/Meadow-Endpoint-ReadLiteList.js CHANGED Viewed

@@ -14,6 +14,7 @@ const doAPIEndpointReadLite = function(pRequest, pResponse, fNext)
 			(fStageComplete) =>
 			{
 				tmpRequestState.Query = this.DAL.query;
+				this.stampSessionOverrideOnQuery(tmpRequestState);
 				// TODO: Limit the query to the columns we need for the templated expression
 				/** @type {number | boolean} */

package/source/endpoints/read/Meadow-Endpoint-ReadMax.js CHANGED Viewed

@@ -11,6 +11,7 @@ const doAPIEndpointReadMax = function(pRequest, pResponse, fNext)
 			(fStageComplete) =>
 			{
 				tmpRequestState.Query = this.DAL.query;
+				this.stampSessionOverrideOnQuery(tmpRequestState);
 				return fStageComplete();
 			},
 			(fStageComplete) =>

package/source/endpoints/read/Meadow-Endpoint-ReadSelectList.js CHANGED Viewed

@@ -11,6 +11,7 @@ const doAPIEndpointReadSelectList = function(pRequest, pResponse, fNext)
 			(fStageComplete) =>
 			{
 				tmpRequestState.Query = this.DAL.query;
+				this.stampSessionOverrideOnQuery(tmpRequestState);
 				/** @type {number | boolean} */
 				var tmpCap = false;

package/source/endpoints/read/Meadow-Endpoint-Reads.js CHANGED Viewed

@@ -11,6 +11,7 @@ const doAPIEndpointReads = function(pRequest, pResponse, fNext)
 		(fStageComplete) =>
 		{
 			tmpRequestState.Query = this.DAL.query;
+			this.stampSessionOverrideOnQuery(tmpRequestState);
 			/** @type {number | boolean} */
 			var tmpCap = false;

package/source/endpoints/read/Meadow-Endpoint-ReadsBy.js CHANGED Viewed

@@ -12,6 +12,7 @@ const doAPIEndpointReadsBy = function(pRequest, pResponse, fNext)
 			(fStageComplete) =>
 			{
 				tmpRequestState.Query = this.DAL.query;
+				this.stampSessionOverrideOnQuery(tmpRequestState);
 				/** @type {number | boolean} */
 				var tmpCap = false;

package/source/endpoints/update/Meadow-Operation-Update.js CHANGED Viewed

@@ -33,6 +33,7 @@ const doUpdate = function(pRecordToModify, pRequest, pRequestState, pResponse, f
 			else
 			{
 				tmpRequestState.Query = this.DAL.query;
+				this.stampSessionOverrideOnQuery(tmpRequestState);
 				tmpRequestState.Query.addFilter(this.DAL.defaultIdentifier, tmpRequestState.RecordToModify[this.DAL.defaultIdentifier]);
@@ -64,6 +65,7 @@ const doUpdate = function(pRecordToModify, pRequest, pRequestState, pResponse, f
 		(fStageComplete) =>
 		{
 			tmpRequestState.Query = this.DAL.query;
+			this.stampSessionOverrideOnQuery(tmpRequestState);
 			return fStageComplete();
 		},
 		fBehaviorInjector(`Update-PreOperation`),

package/source/endpoints/upsert/Meadow-Operation-Upsert.js CHANGED Viewed

@@ -14,6 +14,7 @@ const doUpsert = function(pRecordToUpsert, pRequest, pRequestState, pResponse, f
 			(fStageComplete) =>
 			{
 				tmpRequestState.Query = this.DAL.query;
+				this.stampSessionOverrideOnQuery(tmpRequestState);
 				// Prepare to gather requirements for upserting
 				tmpRequestState.Record = pRecordToUpsert;

package/test/MeadowEndpoints_SessionOverride_tests.js ADDED Viewed

@@ -0,0 +1,75 @@
+/**
+ * Meadow Endpoints — per-request session override stamping.
+ *
+ * stampSessionOverrideOnQuery copies a real request session onto the meadow
+ * query (Query.query.parameters.MeadowEndpointsSessionOverride) so a
+ * downstream provider (the MeadowEndpoints provider, when a beacon fronts a
+ * remote API) can act under the caller's identity. The default/anonymous
+ * session is a no-op.
+ *
+ *   npx mocha test/MeadowEndpoints_SessionOverride_tests.js -u tdd --exit
+ */
+const Chai = require('chai');
+const Expect = Chai.expect;
+const libFable = require('fable');
+const libMeadow = require('meadow');
+const libMeadowEndpointsControllerBase = require('../source/controller/Meadow-Endpoints-Controller-Base.js');
+const _BookSchema = require('../test_support/model/meadow_schema/BookStore-MeadowSchema-Book.json');
+function buildController()
+{
+	let tmpFable = new libFable({ Product: 'SessionOverrideTest', LogStreams: [ { streamtype: 'console', level: 'fatal' } ] });
+	let tmpMeadow = libMeadow.new(tmpFable, 'Book')
+		.setSchema(_BookSchema.Schema)
+		.setJsonSchema(_BookSchema.JsonSchema)
+		.setDefaultIdentifier(_BookSchema.DefaultIdentifier)
+		.setDefault(_BookSchema.DefaultObject);
+	return new libMeadowEndpointsControllerBase({ DAL: tmpMeadow, _ControllerOptions: {} });
+}
+function realSession()
+{
+	return { SessionID: 'caller-session-xyz', CustomerID: 182, UserID: 5150, UserRoleIndex: 3, LoggedIn: true };
+}
+suite('Meadow-Endpoints session override stamping', () =>
+{
+	test('a real session is stamped onto the query parameters', () =>
+	{
+		let tmpController = buildController();
+		let tmpRequestState = { SessionData: realSession(), Query: tmpController.DAL.query };
+		tmpController.stampSessionOverrideOnQuery(tmpRequestState);
+		let tmpOverride = tmpRequestState.Query.query.parameters.MeadowEndpointsSessionOverride;
+		Expect(tmpOverride).to.be.an('object');
+		Expect(tmpOverride.SessionID).to.equal('caller-session-xyz');
+		Expect(tmpOverride.CustomerID).to.equal(182);
+		Expect(tmpOverride.UserID).to.equal(5150);
+	});
+	test('the default/anonymous session (0x0000) is a no-op', () =>
+	{
+		let tmpController = buildController();
+		let tmpRequestState = { SessionData: { SessionID: '0x0000', UserID: 0 }, Query: tmpController.DAL.query };
+		tmpController.stampSessionOverrideOnQuery(tmpRequestState);
+		Expect(tmpRequestState.Query.query.parameters.MeadowEndpointsSessionOverride).to.equal(undefined);
+	});
+	test('a missing SessionID is a no-op', () =>
+	{
+		let tmpController = buildController();
+		let tmpRequestState = { SessionData: { UserID: 5 }, Query: tmpController.DAL.query };
+		tmpController.stampSessionOverrideOnQuery(tmpRequestState);
+		Expect(tmpRequestState.Query.query.parameters.MeadowEndpointsSessionOverride).to.equal(undefined);
+	});
+	test('missing Query or SessionData does not throw', () =>
+	{
+		let tmpController = buildController();
+		Expect(() => tmpController.stampSessionOverrideOnQuery({})).to.not.throw();
+		Expect(() => tmpController.stampSessionOverrideOnQuery({ SessionData: realSession() })).to.not.throw();
+		Expect(() => tmpController.stampSessionOverrideOnQuery(null)).to.not.throw();
+	});
+});