millas 0.2.12-beta → 0.2.12-beta-2

package/src/orm/migration/DefaultValueParser.js

@@ -0,0 +1,325 @@
+'use strict';
+
+/**
+ * DefaultValueParser
+ *
+ * Evaluates user-provided default value expressions in a safe, restricted
+ * context during makemigrations.
+ *
+ * ── What it does ─────────────────────────────────────────────────────────────
+ *
+ *  1. Receives raw string input from the developer (e.g. "42", "'hello'",
+ *     "Date.now", "crypto.randomUUID", "() => new Date().toISOString()")
+ *
+ *  2. Classifies it as:
+ *       literal   — a plain value that can be serialised to JSON
+ *                   (number, string, boolean, null, array, object)
+ *       callable  — a reference or arrow function that must be called
+ *                   per-row at migration time (Date.now, uuid, etc.)
+ *
+ *  3. For literals: evaluates the expression and returns the typed value
+ *  4. For callables: stores the expression string as-is (never evaluated here)
+ *
+ * ── Safe context ─────────────────────────────────────────────────────────────
+ *
+ *  The evaluation sandbox pre-imports a whitelist of safe helpers:
+ *    Date         — current time
+ *    crypto       — randomUUID, randomBytes
+ *    Math         — floor, random, etc.
+ *
+ *  Blocked:
+ *    require, process, __dirname, __filename, Buffer (file/OS/network access)
+ *    eval, Function constructor (code injection)
+ *
+ * ── Result shape ─────────────────────────────────────────────────────────────
+ *
+ *   Literal:
+ *     { kind: 'literal', value: 42, expression: '42' }
+ *
+ *   Callable:
+ *     { kind: 'callable', expression: 'Date.now' }
+ *     { kind: 'callable', expression: '() => crypto.randomUUID()' }
+ *
+ * ── How it's stored in migration files ───────────────────────────────────────
+ *
+ *   Literal:   oneOffDefault: { kind: 'literal', value: 42 }
+ *              Rendered as:  { kind: 'literal', value: 42 }
+ *
+ *   Callable:  oneOffDefault: { kind: 'callable', expression: 'Date.now' }
+ *              Rendered as:  { kind: 'callable', expression: 'Date.now' }
+ *
+ * ── How it's applied at migrate time ─────────────────────────────────────────
+ *
+ *   Literal:   db(table).whereNull(col).update({ col: value })
+ *              — single UPDATE for all rows
+ *
+ *   Callable:  called once per row, each row gets its own value
+ *              — used for uuid, timestamps, random values
+ *
+ * ── Determinism ──────────────────────────────────────────────────────────────
+ *
+ *   The migration file always stores the EXPRESSION, never the evaluated
+ *   result. This means:
+ *     - `Date.now` in the file → each deployment gets the current timestamp
+ *     - `42` in the file → always 42, deterministic across deployments
+ *   The developer chooses which behaviour they want by what they type.
+ */
+class DefaultValueParser {
+
+  /**
+   * Parse a raw string input from the developer.
+   *
+   * @param {string} raw        — what the developer typed
+   * @param {string} fieldType  — 'string' | 'integer' | 'boolean' | etc.
+   * @returns {{ kind: 'literal'|'callable', value?: *, expression: string }}
+   * @throws {Error} if input is unsafe or unparseable
+   */
+  parse(raw, fieldType) {
+    const trimmed = raw.trim();
+
+    if (!trimmed) {
+      throw new Error('No value provided. Enter a value or expression.');
+    }
+
+    // ── Detect callable ───────────────────────────────────────────────────────
+    if (this._isCallable(trimmed)) {
+      this._assertSafe(trimmed);
+      return { kind: 'callable', expression: trimmed };
+    }
+
+    // ── Evaluate as literal ───────────────────────────────────────────────────
+    this._assertSafe(trimmed);
+    const value = this._evalLiteral(trimmed, fieldType);
+    return { kind: 'literal', value, expression: this._serialiseExpression(value) };
+  }
+
+  // ─── Detection ────────────────────────────────────────────────────────────
+
+  /**
+   * Detect if the input looks like a callable reference or function.
+   *
+   * Callables:
+   *   Date.now                    — property reference (no call)
+   *   crypto.randomUUID           — property reference
+   *   () => new Date().toISOString()  — arrow function
+   *   function() { return 1; }   — function expression
+   *   Date.now()                  — already called → callable (per-row)
+   */
+  _isCallable(expr) {
+    // Arrow function
+    if (/^\(?\s*\w*\s*\)?\s*=>/.test(expr)) return true;
+    // function keyword
+    if (/^function\s*\(/.test(expr)) return true;
+    // Property reference that maps to a known callable
+    if (CALLABLE_REFS.has(expr)) return true;
+    // Dot-notation that ends in a name (not a string/number/bool)
+    // e.g. Date.now, crypto.randomUUID, Math.random
+    if (/^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)+$/.test(expr)) {
+      // Only treat as callable if first segment is a known safe object
+      const root = expr.split('.')[0];
+      return SAFE_GLOBALS.has(root);
+    }
+    // Function call expression e.g. Date.now() or crypto.randomUUID()
+    if (/^[A-Za-z_$][A-Za-z0-9_$.]+\(\)$/.test(expr)) return true;
+    return false;
+  }
+
+  // ─── Safety ───────────────────────────────────────────────────────────────
+
+  /**
+   * Throw if the expression contains forbidden patterns.
+   * This is a defense-in-depth check — the sandbox also blocks these,
+   * but we want a clear error message before even attempting evaluation.
+   */
+  _assertSafe(expr) {
+    const forbidden = [
+      /\brequire\s*\(/,          // require()
+      /\bimport\s*\(/,           // dynamic import
+      /\bprocess\b/,             // process.env, process.exit
+      /\b__dirname\b/,           // filesystem
+      /\b__filename\b/,          // filesystem
+      /\bfs\b/,                  // fs module
+      /\bchild_process\b/,       // shell
+      /\bexec\b\s*\(/,           // exec()
+      /\bspawn\b\s*\(/,          // spawn()
+      /\bfetch\b\s*\(/,          // network
+      /\bXMLHttpRequest\b/,      // network
+      /\bnew\s+Function\b/,      // Function constructor
+      /\beval\s*\(/,             // eval
+      /\bsetTimeout\b/,          // async timing
+      /\bsetInterval\b/,         // async timing
+      /\bglobalThis\b/,          // global escape
+      /\bself\b/,                // global escape
+      /\bwindow\b/,              // DOM escape
+    ];
+
+    for (const pattern of forbidden) {
+      if (pattern.test(expr)) {
+        throw new Error(
+          `Unsafe expression: "${expr}" contains a forbidden pattern.\n` +
+          `Only safe expressions are allowed (literals, Date, Math, crypto).`
+        );
+      }
+    }
+  }
+
+  // ─── Literal evaluation ───────────────────────────────────────────────────
+
+  _evalLiteral(expr, fieldType) {
+    // ── null ──────────────────────────────────────────────────────────────────
+    if (expr === 'null' || expr === 'NULL') return null;
+
+    // ── boolean ───────────────────────────────────────────────────────────────
+    if (expr === 'true'  || expr === 'True')  return true;
+    if (expr === 'false' || expr === 'False') return false;
+
+    // ── quoted string ─────────────────────────────────────────────────────────
+    if ((expr.startsWith('"') && expr.endsWith('"')) ||
+        (expr.startsWith("'") && expr.endsWith("'"))) {
+      return expr.slice(1, -1);
+    }
+
+    // ── number ────────────────────────────────────────────────────────────────
+    if (/^-?\d+(\.\d+)?$/.test(expr)) {
+      const n = Number(expr);
+      if (!isNaN(n)) return n;
+    }
+
+    // ── JSON array / object ───────────────────────────────────────────────────
+    if ((expr.startsWith('[') && expr.endsWith(']')) ||
+        (expr.startsWith('{') && expr.endsWith('}'))) {
+      try { return JSON.parse(expr); } catch {}
+    }
+
+    // ── Field-type coercion for bare unquoted strings ─────────────────────────
+    if (fieldType === 'integer' || fieldType === 'bigInteger') {
+      const n = parseInt(expr, 10);
+      if (!isNaN(n)) return n;
+      throw new Error(`"${expr}" is not a valid integer.`);
+    }
+    if (fieldType === 'float' || fieldType === 'decimal') {
+      const f = parseFloat(expr);
+      if (!isNaN(f)) return f;
+      throw new Error(`"${expr}" is not a valid number.`);
+    }
+    if (fieldType === 'boolean') {
+      if (['1', 'yes', 'y'].includes(expr.toLowerCase())) return true;
+      if (['0', 'no',  'n'].includes(expr.toLowerCase())) return false;
+      throw new Error(`"${expr}" is not a valid boolean.`);
+    }
+
+    // ── Safe Date/Math expressions ────────────────────────────────────────────
+    // e.g. "new Date().toISOString()" evaluated once as a literal snapshot
+    if (/^new\s+Date\s*\(/.test(expr) || /^Math\./.test(expr)) {
+      try {
+        const result = this._sandboxEval(expr);
+        return result;
+      } catch (e) {
+        throw new Error(`Could not evaluate "${expr}": ${e.message}`);
+      }
+    }
+
+    // ── Bare unquoted string (last resort for string/text/enum fields) ────────
+    if (['string', 'text', 'enum', 'uuid', 'date', 'timestamp'].includes(fieldType)) {
+      return expr;
+    }
+
+    throw new Error(
+      `Cannot interpret "${expr}" as a ${fieldType}.\n` +
+      `For strings, wrap in quotes: '${expr}'\n` +
+      `For callables (uuid, timestamp), they will be called per-row at migrate time.`
+    );
+  }
+
+  /**
+   * Minimal sandbox for safe Date/Math expressions only.
+   * Uses Function constructor with a clean scope — no globals exposed.
+   */
+  _sandboxEval(expr) {
+    // eslint-disable-next-line no-new-func
+    const fn = new Function('Date', 'Math', `'use strict'; return (${expr});`);
+    return fn(Date, Math);
+  }
+
+  // ─── Serialisation ────────────────────────────────────────────────────────
+
+  /**
+   * Convert a literal JS value back to a clean expression string.
+   * Used to display confirmation back to the developer.
+   */
+  _serialiseExpression(value) {
+    if (value === null)            return 'null';
+    if (typeof value === 'string') return JSON.stringify(value);
+    if (typeof value === 'number') return String(value);
+    if (typeof value === 'boolean') return String(value);
+    return JSON.stringify(value);
+  }
+}
+
+// ─── Safe callable registry ───────────────────────────────────────────────────
+
+/**
+ * Exact callable references the developer can type.
+ * These are resolved to actual functions at migration time.
+ */
+const CALLABLE_REFS = new Map([
+  ['Date.now',          () => Date.now()],
+  ['Date.now()',        () => Date.now()],
+  ['new Date()',        () => new Date().toISOString()],
+  ['crypto.randomUUID', () => require('crypto').randomUUID()],
+  ['crypto.randomUUID()', () => require('crypto').randomUUID()],
+  ['Math.random',       () => Math.random()],
+  ['Math.random()',     () => Math.random()],
+]);
+
+/**
+ * Safe root objects that are allowed in callable expressions.
+ */
+const SAFE_GLOBALS = new Set(['Date', 'Math', 'crypto', 'JSON', 'Number', 'String', 'Boolean']);
+
+/**
+ * Resolve a stored `oneOffDefault` descriptor into a concrete value or function.
+ *
+ * Called at migration time (inside AddField.up()), NOT at makemigrations time.
+ *
+ * @param {{ kind: 'literal'|'callable', value?: *, expression?: string }} descriptor
+ * @returns {* | () => *}  — a literal value, or a zero-arg function for callables
+ */
+function resolveDefault(descriptor) {
+  if (!descriptor) return undefined;
+
+  // Legacy: plain primitive stored directly (backward compat with old migrations)
+  if (typeof descriptor !== 'object' || !('kind' in descriptor)) {
+    return descriptor;
+  }
+
+  if (descriptor.kind === 'literal') {
+    return descriptor.value;
+  }
+
+  if (descriptor.kind === 'callable') {
+    const expr = descriptor.expression;
+
+    // Known safe callable → return the pre-registered function
+    if (CALLABLE_REFS.has(expr)) {
+      return CALLABLE_REFS.get(expr);
+    }
+
+    // Arrow function or function expression → compile in safe context
+    try {
+      // eslint-disable-next-line no-new-func
+      const fn = new Function('Date', 'Math', 'crypto',
+        `'use strict'; return (${expr});`
+      )(Date, Math, require('crypto'));
+      if (typeof fn === 'function') return fn;
+      // Expression evaluated to a value — treat as literal
+      return () => fn;
+    } catch (e) {
+      throw new Error(`Cannot resolve callable default "${expr}": ${e.message}`);
+    }
+  }
+
+  throw new Error(`Unknown oneOffDefault descriptor kind: "${descriptor.kind}"`);
+}
+
+module.exports = { DefaultValueParser, resolveDefault, CALLABLE_REFS, SAFE_GLOBALS };

package/src/orm/migration/InteractiveResolver.js

@@ -0,0 +1,191 @@
+'use strict';
+
+const readline = require('readline');
+const { DefaultValueParser } = require('./DefaultValueParser');
+
+/**
+ * InteractiveResolver
+ *
+ * During makemigrations, when a new non-nullable field without a default
+ * is being added to an existing table, this resolver prompts the developer.
+ *
+ * Options:
+ *   1) Provide a one-off default value or expression
+ *      — Supports literals (42, 'hello', true) and callables (Date.now,
+ *        crypto.randomUUID, () => ...)
+ *      — Stored in migration file as code, NOT evaluated at makemigrations time
+ *      — Applied at migrate time: callable = per row, literal = single UPDATE
+ *
+ *   2) Make the field nullable temporarily
+ *      — Safest option, can be tightened later with a follow-up migration
+ *
+ *   3) Abort
+ *      — Developer must fix their model first, then re-run makemigrations
+ *
+ * In non-interactive mode (CI / --noinput):
+ *   Throws with a clear message naming the field and showing all three fixes.
+ */
+class InteractiveResolver {
+  constructor(options = {}) {
+    this._nonInteractive = options.nonInteractive || !process.stdin.isTTY;
+    this._parser         = new DefaultValueParser();
+  }
+
+  /**
+   * Resolve a single dangerous AddField op interactively.
+   *
+   * @param {object} op — { type: 'AddField', table, column, field, _needsDefault: true }
+   * @returns {object}  — resolved op
+   * @throws  {Error}   — on abort
+   */
+  async resolve(op) {
+    const { table, column, field } = op;
+
+    if (this._nonInteractive) {
+      throw new Error(
+        `\nField "${table}.${column}" is non-nullable with no default.\n` +
+        `\nIn non-interactive mode, resolve this before running makemigrations:\n` +
+        `  Option A: Add a default to your model:\n` +
+        `            ${column}: fields.${field.type || 'string'}({ default: 'some_value' })\n` +
+        `  Option B: Make the field nullable:\n` +
+        `            ${column}: fields.${field.type || 'string'}({ nullable: true })\n` +
+        `  Option C: Run makemigrations interactively to provide a one-off default.\n`
+      );
+    }
+
+    this._print('');
+    this._print(`  It is impossible to add a non-nullable field '${column}' to the`);
+    this._print(`  '${table}' table without specifying a default. This is because the`);
+    this._print(`  database needs something to populate existing rows.`);
+    this._print('');
+    this._print(`  Please select a fix:`);
+    this._print(`   1) Provide a one-off default now (used only for existing rows)`);
+    this._print(`   2) Quit and make '${column}' nullable in your model (recommended)`);
+    this._print(`   3) Quit and add a permanent default to your model`);
+    this._print('');
+
+    const choice = await this._prompt('  Select an option: ');
+    const trimmed = choice.trim();
+
+    if (trimmed === '2') {
+      this._print('');
+      this._print(`  Quitting. Add nullable=true to '${column}' in your model:`);
+      this._print(`    ${column}: fields.${field.type || 'string'}({ nullable: true })`);
+      this._print('');
+      throw new Error(
+        `Aborted. Make '${column}' nullable in your model, then re-run makemigrations.`
+      );
+    }
+
+    if (trimmed === '3') {
+      this._print('');
+      this._print(`  Quitting. Add a default to '${column}' in your model:`);
+      this._print(`    ${column}: fields.${field.type || 'string'}({ default: 'your_value' })`);
+      this._print('');
+      throw new Error(
+        `Aborted. Add a default to '${column}' in your model, then re-run makemigrations.`
+      );
+    }
+
+    if (trimmed === '1') {
+      return this._promptForDefault(op);
+    }
+
+    // Unrecognised — re-ask
+    this._print(`  Invalid choice "${trimmed}". Please enter 1, 2, or 3.`);
+    return this.resolve(op);
+  }
+
+  /**
+   * Resolve all dangerous ops in a list.
+   */
+  async resolveAll(ops) {
+    const resolved = [];
+    for (const op of ops) {
+      if (op._needsDefault) {
+        resolved.push(await this.resolve(op));
+      } else {
+        resolved.push(op);
+      }
+    }
+    return resolved;
+  }
+
+  // ─── Default value prompt ─────────────────────────────────────────────────
+
+  async _promptForDefault(op) {
+    const { table, column, field } = op;
+
+    this._print('');
+    this._print(`  Please enter the default value for '${column}' (${field.type}).`);
+    this._print(`  This will ONLY be used to populate existing rows — it will not`);
+    this._print(`  be added to your model definition.`);
+    this._print('');
+    this._print(`  You can enter:`);
+    this._print(`    A literal value:   42  |  'hello'  |  true  |  null`);
+    this._print(`    A callable:        Date.now  |  crypto.randomUUID  |  () => new Date().toISOString()`);
+    this._print(`    (Callables are called once per row at migrate time)`);
+    this._print('');
+
+    const raw = await this._prompt(`  Enter default for '${column}': `);
+    const trimmed = raw.trim();
+
+    if (!trimmed) {
+      this._print(`  No value entered. Please try again.`);
+      return this._promptForDefault(op);
+    }
+
+    let parsed;
+    try {
+      parsed = this._parser.parse(trimmed, field.type);
+    } catch (err) {
+      this._print('');
+      this._print(`  ✗  ${err.message}`);
+      this._print('');
+      return this._promptForDefault(op);
+    }
+
+    // ── Confirm with the developer ────────────────────────────────────────
+    this._print('');
+    if (parsed.kind === 'callable') {
+      this._print(`  ✔  Callable: ${parsed.expression}`);
+      this._print(`     Each existing row will get its own value when migrate runs.`);
+    } else {
+      this._print(`  ✔  Literal: ${parsed.expression}`);
+      this._print(`     All existing rows will be set to this value.`);
+    }
+    this._print('');
+
+    const confirm = await this._prompt(`  Use this? [Y/n]: `);
+    if (confirm.trim().toLowerCase() === 'n') {
+      return this._promptForDefault(op);
+    }
+
+    return {
+      ...op,
+      oneOffDefault: parsed,   // { kind, value?, expression }
+      _needsDefault: false,
+    };
+  }
+
+  // ─── Internals ─────────────────────────────────────────────────────────────
+
+  _print(msg) {
+    process.stdout.write(msg + '\n');
+  }
+
+  _prompt(question) {
+    return new Promise((resolve) => {
+      const rl = readline.createInterface({
+        input:  process.stdin,
+        output: process.stdout,
+      });
+      rl.question(question, (answer) => {
+        rl.close();
+        resolve(answer);
+      });
+    });
+  }
+}
+
+module.exports = InteractiveResolver;