npm - monapi - Versions diffs - 0.1.0 - Mend

monapi 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,998 @@
+import { Router } from 'express';
+import { Schema } from 'mongoose';
+// src/monapi.ts
+// src/types/query.ts
+var FieldType = /* @__PURE__ */ ((FieldType2) => {
+  FieldType2["String"] = "string";
+  FieldType2["Number"] = "number";
+  FieldType2["Boolean"] = "boolean";
+  FieldType2["Date"] = "date";
+  FieldType2["ObjectId"] = "objectid";
+  FieldType2["Array"] = "array";
+  FieldType2["Object"] = "object";
+  FieldType2["Mixed"] = "mixed";
+  return FieldType2;
+})(FieldType || {});
+// src/types/schema.ts
+var SchemaType = /* @__PURE__ */ ((SchemaType2) => {
+  SchemaType2["Mongoose"] = "mongoose";
+  SchemaType2["Typegoose"] = "typegoose";
+  SchemaType2["Zod"] = "zod";
+  SchemaType2["Joi"] = "joi";
+  SchemaType2["Yup"] = "yup";
+  SchemaType2["Unknown"] = "unknown";
+  return SchemaType2;
+})(SchemaType || {});
+// src/adapters/schema/MongooseAdapter.ts
+var MongooseAdapter = class {
+  constructor(schemaOrModel) {
+    if (this.isModel(schemaOrModel)) {
+      this.model = schemaOrModel;
+      this.schema = schemaOrModel.schema;
+    } else {
+      this.schema = schemaOrModel;
+    }
+  }
+  /**
+   * Type guard to check if value is a Mongoose model
+   */
+  isModel(value) {
+    return value && typeof value === "function" && value.prototype && value.schema;
+  }
+  /**
+   * Get list of all field names in the schema
+   */
+  getFields() {
+    const fields = [];
+    this.schema.eachPath((pathname) => {
+      if (pathname === "_id" || pathname === "__v") {
+        return;
+      }
+      fields.push(pathname);
+    });
+    return fields;
+  }
+  /**
+   * Get the type of a specific field
+   */
+  getFieldType(field) {
+    const schemaType = this.schema.path(field);
+    if (!schemaType) {
+      return "mixed" /* Mixed */;
+    }
+    const instance = schemaType.instance;
+    switch (instance) {
+      case "String":
+        return "string" /* String */;
+      case "Number":
+        return "number" /* Number */;
+      case "Boolean":
+        return "boolean" /* Boolean */;
+      case "Date":
+        return "date" /* Date */;
+      case "ObjectID":
+      case "ObjectId":
+        return "objectid" /* ObjectId */;
+      case "Array":
+        return "array" /* Array */;
+      case "Embedded":
+      case "Subdocument":
+        return "object" /* Object */;
+      case "Mixed":
+        return "mixed" /* Mixed */;
+      default:
+        return "mixed" /* Mixed */;
+    }
+  }
+  /**
+   * Get metadata for a specific field
+   */
+  getFieldMetadata(field) {
+    const schemaType = this.schema.path(field);
+    if (!schemaType) {
+      return void 0;
+    }
+    const metadata = {
+      name: field,
+      type: this.getFieldType(field)
+    };
+    if (schemaType.isRequired) {
+      metadata.required = true;
+    }
+    const st = schemaType;
+    if (st.defaultValue !== void 0) {
+      metadata.default = st.defaultValue;
+    }
+    if (st.enumValues && st.enumValues.length > 0) {
+      metadata.enum = st.enumValues;
+    }
+    return metadata;
+  }
+  /**
+   * Get all fields metadata
+   */
+  getAllFieldsMetadata() {
+    const fields = this.getFields();
+    return fields.map((field) => this.getFieldMetadata(field)).filter((meta) => meta !== void 0);
+  }
+  /**
+   * Validate data against the schema
+   */
+  async validate(data) {
+    if (!this.model) {
+      return this.basicValidation(data);
+    }
+    try {
+      const doc = new this.model(data);
+      await doc.validate();
+      return {
+        valid: true,
+        data: doc.toObject()
+      };
+    } catch (error) {
+      if (error.name === "ValidationError") {
+        const errors = Object.keys(error.errors).map((field) => ({
+          field,
+          message: error.errors[field].message,
+          code: error.errors[field].kind
+        }));
+        return {
+          valid: false,
+          errors
+        };
+      }
+      return {
+        valid: false,
+        errors: [
+          {
+            field: "",
+            message: error.message || "Validation failed"
+          }
+        ]
+      };
+    }
+  }
+  /**
+   * Basic validation when model is not available
+   */
+  basicValidation(data) {
+    if (typeof data !== "object" || data === null) {
+      return {
+        valid: false,
+        errors: [
+          {
+            field: "",
+            message: "Data must be an object"
+          }
+        ]
+      };
+    }
+    return {
+      valid: true,
+      data
+    };
+  }
+  /**
+   * Get the underlying Mongoose model if available
+   */
+  getMongooseModel() {
+    return this.model;
+  }
+  /**
+   * Get the underlying Mongoose schema
+   */
+  getMongooseSchema() {
+    return this.schema;
+  }
+};
+// src/adapters/schema/index.ts
+function detectSchemaType(schema) {
+  if (schema instanceof Schema) {
+    return "mongoose" /* Mongoose */;
+  }
+  if (typeof schema === "function" && schema.prototype && schema.schema) {
+    return "mongoose" /* Mongoose */;
+  }
+  if (schema && typeof schema === "object" && "_def" in schema && "parse" in schema) {
+    return "zod" /* Zod */;
+  }
+  if (schema && typeof schema === "object" && "isJoi" in schema) {
+    return "joi" /* Joi */;
+  }
+  if (schema && typeof schema === "object" && "__isYupSchema__" in schema) {
+    return "yup" /* Yup */;
+  }
+  if (typeof schema === "function" && schema.prototype) {
+    const metadata = Reflect.getMetadata?.("typegoose:properties", schema);
+    if (metadata) {
+      return "typegoose" /* Typegoose */;
+    }
+  }
+  return "unknown" /* Unknown */;
+}
+function createSchemaAdapter(schema) {
+  const schemaType = detectSchemaType(schema);
+  switch (schemaType) {
+    case "mongoose" /* Mongoose */:
+      return new MongooseAdapter(schema);
+    case "zod" /* Zod */:
+      throw new Error("Zod adapter not yet implemented. Coming in Phase 9.");
+    case "joi" /* Joi */:
+      throw new Error("Joi adapter not yet implemented. Coming in Phase 9.");
+    case "yup" /* Yup */:
+      throw new Error("Yup adapter not yet implemented. Coming in Phase 9.");
+    case "typegoose" /* Typegoose */:
+      throw new Error("Typegoose adapter not yet implemented. Coming in Phase 9.");
+    default:
+      throw new Error(`Unsupported schema type: ${schemaType}`);
+  }
+}
+// src/utils/errors.ts
+var MonapiError = class _MonapiError extends Error {
+  constructor(message, statusCode, code, details) {
+    super(message);
+    this.name = "MonapiError";
+    this.statusCode = statusCode;
+    this.code = code;
+    this.details = details;
+    Object.setPrototypeOf(this, _MonapiError.prototype);
+  }
+};
+var NotFoundError = class _NotFoundError extends MonapiError {
+  constructor(resource, id) {
+    const message = id ? `${resource} with id '${id}' not found` : `${resource} not found`;
+    super(message, 404, "NOT_FOUND");
+    this.name = "NotFoundError";
+    Object.setPrototypeOf(this, _NotFoundError.prototype);
+  }
+};
+var ValidationError = class _ValidationError extends MonapiError {
+  constructor(message, details) {
+    super(message, 400, "VALIDATION_ERROR", details);
+    this.name = "ValidationError";
+    Object.setPrototypeOf(this, _ValidationError.prototype);
+  }
+};
+var ForbiddenError = class _ForbiddenError extends MonapiError {
+  constructor(message = "Access denied") {
+    super(message, 403, "FORBIDDEN");
+    this.name = "ForbiddenError";
+    Object.setPrototypeOf(this, _ForbiddenError.prototype);
+  }
+};
+var UnauthorizedError = class _UnauthorizedError extends MonapiError {
+  constructor(message = "Authentication required") {
+    super(message, 401, "UNAUTHORIZED");
+    this.name = "UnauthorizedError";
+    Object.setPrototypeOf(this, _UnauthorizedError.prototype);
+  }
+};
+var BadRequestError = class _BadRequestError extends MonapiError {
+  constructor(message, details) {
+    super(message, 400, "BAD_REQUEST", details);
+    this.name = "BadRequestError";
+    Object.setPrototypeOf(this, _BadRequestError.prototype);
+  }
+};
+// src/engine/filter-parser.ts
+var OPERATOR_MAP = {
+  eq: "$eq",
+  ne: "$ne",
+  gt: "$gt",
+  gte: "$gte",
+  lt: "$lt",
+  lte: "$lte",
+  in: "$in",
+  nin: "$nin",
+  like: "$regex",
+  exists: "$exists"
+};
+var RESERVED_PARAMS = /* @__PURE__ */ new Set(["page", "limit", "sort", "fields", "filter"]);
+var DEFAULT_MAX_REGEX_LENGTH = 100;
+var DEFAULT_MAX_FILTERS = 20;
+function parseFilters(query, options = {}) {
+  const { adapter, queryConfig, maxRegexLength = DEFAULT_MAX_REGEX_LENGTH, maxFilters = DEFAULT_MAX_FILTERS } = options;
+  const allowedFields = queryConfig?.allowedFilters ?? adapter?.getFields();
+  const filter = {};
+  let filterCount = 0;
+  if (query.filter && typeof query.filter === "object") {
+    for (const [field, ops] of Object.entries(query.filter)) {
+      validateField(field, allowedFields);
+      if (typeof ops === "object" && ops !== null) {
+        for (const [op, val] of Object.entries(ops)) {
+          if (++filterCount > maxFilters) {
+            throw new BadRequestError(`Too many filters. Maximum allowed: ${maxFilters}`);
+          }
+          const operator = op;
+          validateOperator(operator);
+          const fieldType = adapter?.getFieldType(field);
+          applyFilter(filter, field, operator, val, fieldType, maxRegexLength);
+        }
+      } else {
+        if (++filterCount > maxFilters) {
+          throw new BadRequestError(`Too many filters. Maximum allowed: ${maxFilters}`);
+        }
+        const fieldType = adapter?.getFieldType(field);
+        applyFilter(filter, field, "eq", ops, fieldType, maxRegexLength);
+      }
+    }
+  }
+  for (const [key, value] of Object.entries(query)) {
+    if (RESERVED_PARAMS.has(key) || key === "filter") continue;
+    if (value === void 0 || value === "") continue;
+    const { field, operator } = parseParamKey(key);
+    validateField(field, allowedFields);
+    if (++filterCount > maxFilters) {
+      throw new BadRequestError(`Too many filters. Maximum allowed: ${maxFilters}`);
+    }
+    validateOperator(operator);
+    const fieldType = adapter?.getFieldType(field);
+    applyFilter(filter, field, operator, value, fieldType, maxRegexLength);
+  }
+  return filter;
+}
+function parseParamKey(key) {
+  const doubleUnderscoreIndex = key.indexOf("__");
+  if (doubleUnderscoreIndex === -1) {
+    return { field: key, operator: "eq" };
+  }
+  const field = key.substring(0, doubleUnderscoreIndex);
+  const operator = key.substring(doubleUnderscoreIndex + 2);
+  return { field, operator };
+}
+function validateField(field, allowedFields) {
+  if (field.startsWith("$")) {
+    throw new BadRequestError(`Invalid filter field: ${field}`);
+  }
+  if (allowedFields && !allowedFields.includes(field)) {
+    throw new BadRequestError(`Filtering on field '${field}' is not allowed`);
+  }
+}
+function validateOperator(operator) {
+  if (!(operator in OPERATOR_MAP)) {
+    throw new BadRequestError(
+      `Unsupported filter operator: '${operator}'. Supported: ${Object.keys(OPERATOR_MAP).join(", ")}`
+    );
+  }
+}
+function applyFilter(filter, field, operator, rawValue, fieldType, maxRegexLength) {
+  const mongoOp = OPERATOR_MAP[operator];
+  const value = coerceValue(rawValue, operator, fieldType, maxRegexLength);
+  if (operator === "eq") {
+    filter[field] = value;
+  } else {
+    if (!filter[field] || typeof filter[field] !== "object") {
+      filter[field] = {};
+    }
+    filter[field][mongoOp] = value;
+  }
+}
+function coerceValue(raw, operator, fieldType, maxRegexLength = DEFAULT_MAX_REGEX_LENGTH) {
+  if (operator === "in" || operator === "nin") {
+    const items = String(raw).split(",").map((s) => s.trim());
+    return items.map((item) => coerceSingleValue(item, fieldType));
+  }
+  if (operator === "exists") {
+    return raw === "true" || raw === "1";
+  }
+  if (operator === "like") {
+    const pattern = String(raw);
+    if (pattern.length > maxRegexLength) {
+      throw new BadRequestError(
+        `Regex pattern too long. Maximum length: ${maxRegexLength}`
+      );
+    }
+    const escaped = escapeRegex(pattern);
+    return new RegExp(escaped, "i");
+  }
+  return coerceSingleValue(raw, fieldType);
+}
+function coerceSingleValue(raw, fieldType) {
+  const str = String(raw);
+  if (fieldType) {
+    switch (fieldType) {
+      case "number" /* Number */:
+        const num = Number(str);
+        if (!isNaN(num)) return num;
+        break;
+      case "boolean" /* Boolean */:
+        if (str === "true" || str === "1") return true;
+        if (str === "false" || str === "0") return false;
+        break;
+      case "date" /* Date */:
+        const date = new Date(str);
+        if (!isNaN(date.getTime())) return date;
+        break;
+    }
+  }
+  if (/^-?\d+(\.\d+)?$/.test(str)) {
+    return Number(str);
+  }
+  if (str === "true") return true;
+  if (str === "false") return false;
+  if (/^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2})?/.test(str)) {
+    const date = new Date(str);
+    if (!isNaN(date.getTime())) return date;
+  }
+  return str;
+}
+function escapeRegex(str) {
+  return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+// src/engine/query-builder.ts
+var DEFAULT_PAGE = 1;
+var DEFAULT_LIMIT = 10;
+var DEFAULT_MAX_LIMIT = 100;
+function buildQuery(queryParams, options = {}) {
+  const {
+    adapter,
+    queryConfig,
+    defaultLimit = queryConfig?.defaultLimit ?? DEFAULT_LIMIT,
+    maxLimit = queryConfig?.maxLimit ?? DEFAULT_MAX_LIMIT,
+    maxRegexLength
+  } = options;
+  const filter = parseFilters(queryParams, { adapter, queryConfig, maxRegexLength });
+  const sort = parseSort(queryParams.sort, queryConfig, adapter);
+  const { skip, limit } = parsePagination(queryParams, defaultLimit, maxLimit);
+  const projection = parseProjection(queryParams.fields, adapter);
+  const mongoQuery = { filter };
+  if (Object.keys(sort).length > 0) {
+    mongoQuery.sort = sort;
+  }
+  mongoQuery.skip = skip;
+  mongoQuery.limit = limit;
+  if (projection && Object.keys(projection).length > 0) {
+    mongoQuery.projection = projection;
+  }
+  return mongoQuery;
+}
+function parseSort(sortParam, queryConfig, adapter) {
+  const sort = {};
+  if (!sortParam && queryConfig?.defaultSort) {
+    sortParam = queryConfig.defaultSort;
+  }
+  if (!sortParam) return sort;
+  const fields = Array.isArray(sortParam) ? sortParam : sortParam.split(",").map((s) => s.trim());
+  const allowedSorts = queryConfig?.allowedSorts ?? adapter?.getFields();
+  for (const field of fields) {
+    if (!field) continue;
+    let direction = 1;
+    let fieldName = field;
+    if (field.startsWith("-")) {
+      direction = -1;
+      fieldName = field.substring(1);
+    }
+    if (fieldName.startsWith("$")) {
+      throw new BadRequestError(`Invalid sort field: ${fieldName}`);
+    }
+    if (allowedSorts && !allowedSorts.includes(fieldName)) {
+      throw new BadRequestError(`Sorting by '${fieldName}' is not allowed`);
+    }
+    sort[fieldName] = direction;
+  }
+  return sort;
+}
+function parsePagination(queryParams, defaultLimit, maxLimit) {
+  let page = parseInt(queryParams.page, 10);
+  let limit = parseInt(queryParams.limit, 10);
+  if (isNaN(page) || page < 1) page = DEFAULT_PAGE;
+  if (isNaN(limit) || limit < 1) limit = defaultLimit;
+  if (limit > maxLimit) limit = maxLimit;
+  const skip = (page - 1) * limit;
+  return { skip, limit, page };
+}
+function parseProjection(fieldsParam, adapter) {
+  if (!fieldsParam) return void 0;
+  const fields = Array.isArray(fieldsParam) ? fieldsParam : fieldsParam.split(",").map((s) => s.trim());
+  const schemaFields = adapter?.getFields();
+  const projection = {};
+  for (const field of fields) {
+    if (!field) continue;
+    if (field.startsWith("$")) {
+      throw new BadRequestError(`Invalid projection field: ${field}`);
+    }
+    if (schemaFields && !schemaFields.includes(field)) {
+      throw new BadRequestError(`Field '${field}' does not exist in schema`);
+    }
+    projection[field] = 1;
+  }
+  return Object.keys(projection).length > 0 ? projection : void 0;
+}
+function buildPaginationMeta(total, page, limit) {
+  return {
+    page,
+    limit,
+    total,
+    totalPages: Math.ceil(total / limit)
+  };
+}
+function extractPagination(queryParams, defaultLimit = DEFAULT_LIMIT, maxLimit = DEFAULT_MAX_LIMIT) {
+  let page = parseInt(queryParams.page, 10);
+  let limit = parseInt(queryParams.limit, 10);
+  if (isNaN(page) || page < 1) page = DEFAULT_PAGE;
+  if (isNaN(limit) || limit < 1) limit = defaultLimit;
+  if (limit > maxLimit) limit = maxLimit;
+  return { page, limit };
+}
+// src/engine/hook-executor.ts
+function createHookContext(params) {
+  const user = params.req.user;
+  return {
+    collection: params.collection,
+    operation: params.operation,
+    user,
+    query: params.query,
+    data: params.data,
+    id: params.id,
+    result: params.result,
+    req: params.req,
+    res: params.res,
+    meta: {}
+  };
+}
+async function executeHook(hooks, hookName, ctx, logger) {
+  if (!hooks) return ctx;
+  const hookFn = hooks[hookName];
+  if (!hookFn) return ctx;
+  try {
+    await hookFn(ctx);
+  } catch (error) {
+    if (logger) {
+      logger.error(`Hook '${hookName}' failed for collection '${ctx.collection}': ${error.message}`);
+    }
+    throw error;
+  }
+  return ctx;
+}
+// src/engine/crud-handlers.ts
+function createCRUDHandlers(options) {
+  const { collectionName, model, adapter, config, defaults, logger } = options;
+  return {
+    list: config.handlers?.list ?? createListHandler(collectionName, model, adapter, config, defaults, logger),
+    get: config.handlers?.get ?? createGetHandler(collectionName, model, adapter, config, logger),
+    create: config.handlers?.create ?? createCreateHandler(collectionName, model, adapter, config, logger),
+    update: config.handlers?.update ?? createUpdateHandler(collectionName, model, adapter, config, logger),
+    patch: config.handlers?.patch ?? createPatchHandler(collectionName, model, adapter, config, logger),
+    delete: config.handlers?.delete ?? createDeleteHandler(collectionName, model, config, logger)
+  };
+}
+function createListHandler(collectionName, model, adapter, config, defaults, logger) {
+  return async (req, res, next) => {
+    try {
+      const mongoQuery = buildQuery(req.query, {
+        adapter,
+        queryConfig: config.query ?? defaults?.query,
+        defaultLimit: defaults?.pagination?.limit,
+        maxLimit: defaults?.pagination?.maxLimit,
+        maxRegexLength: defaults?.security?.maxRegexLength
+      });
+      const ctx = createHookContext({
+        collection: collectionName,
+        operation: "find",
+        req,
+        res,
+        query: mongoQuery
+      });
+      await executeHook(config.hooks, "beforeFind", ctx, logger);
+      if (ctx.preventDefault) {
+        return;
+      }
+      const query = ctx.query ?? mongoQuery;
+      const [docs, total] = await Promise.all([
+        model.find(query.filter).sort(query.sort).skip(query.skip ?? 0).limit(query.limit ?? 10).select(query.projection ?? {}).lean().exec(),
+        model.countDocuments(query.filter).exec()
+      ]);
+      const { page, limit } = extractPagination(req.query, defaults?.pagination?.limit, defaults?.pagination?.maxLimit);
+      ctx.result = docs;
+      await executeHook(config.hooks, "afterFind", ctx, logger);
+      const response = {
+        data: ctx.result ?? docs,
+        meta: buildPaginationMeta(total, page, limit)
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+function createGetHandler(collectionName, model, _adapter, config, logger) {
+  return async (req, res, next) => {
+    try {
+      const { id } = req.params;
+      const fieldsParam = req.query.fields;
+      let projection;
+      if (fieldsParam) {
+        const fields = typeof fieldsParam === "string" ? fieldsParam.split(",") : fieldsParam;
+        projection = {};
+        for (const f of fields) {
+          const trimmed = f.trim();
+          if (trimmed && !trimmed.startsWith("$")) {
+            projection[trimmed] = 1;
+          }
+        }
+      }
+      const ctx = createHookContext({
+        collection: collectionName,
+        operation: "find",
+        req,
+        res,
+        id
+      });
+      await executeHook(config.hooks, "beforeFind", ctx, logger);
+      if (ctx.preventDefault) return;
+      let query = model.findById(id);
+      if (projection) query = query.select(projection);
+      const doc = await query.lean().exec();
+      if (!doc) {
+        throw new NotFoundError(collectionName, id);
+      }
+      ctx.result = doc;
+      await executeHook(config.hooks, "afterFind", ctx, logger);
+      const response = { data: ctx.result ?? doc };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+function createCreateHandler(collectionName, model, adapter, config, logger) {
+  return async (req, res, next) => {
+    try {
+      const data = req.body;
+      const validation = await adapter.validate(data);
+      if (!validation.valid) {
+        throw new ValidationError("Validation failed", validation.errors);
+      }
+      const ctx = createHookContext({
+        collection: collectionName,
+        operation: "create",
+        req,
+        res,
+        data: validation.data ?? data
+      });
+      await executeHook(config.hooks, "beforeCreate", ctx, logger);
+      if (ctx.preventDefault) return;
+      const doc = await model.create(ctx.data ?? data);
+      const result = doc.toObject();
+      ctx.result = result;
+      await executeHook(config.hooks, "afterCreate", ctx, logger);
+      const response = { data: ctx.result ?? result };
+      res.status(201).json(response);
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+function createUpdateHandler(collectionName, model, adapter, config, logger) {
+  return async (req, res, next) => {
+    try {
+      const { id } = req.params;
+      const data = req.body;
+      const validation = await adapter.validate(data);
+      if (!validation.valid) {
+        throw new ValidationError("Validation failed", validation.errors);
+      }
+      const ctx = createHookContext({
+        collection: collectionName,
+        operation: "update",
+        req,
+        res,
+        id,
+        data: validation.data ?? data
+      });
+      await executeHook(config.hooks, "beforeUpdate", ctx, logger);
+      if (ctx.preventDefault) return;
+      const doc = await model.findByIdAndUpdate(id, ctx.data ?? data, { new: true, runValidators: true, overwrite: true }).lean().exec();
+      if (!doc) {
+        throw new NotFoundError(collectionName, id);
+      }
+      ctx.result = doc;
+      await executeHook(config.hooks, "afterUpdate", ctx, logger);
+      const response = { data: ctx.result ?? doc };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+function createPatchHandler(collectionName, model, _adapter, config, logger) {
+  return async (req, res, next) => {
+    try {
+      const { id } = req.params;
+      const data = req.body;
+      if (typeof data !== "object" || data === null || Array.isArray(data)) {
+        throw new ValidationError("Request body must be an object");
+      }
+      for (const key of Object.keys(data)) {
+        if (key.startsWith("$")) {
+          throw new ValidationError(`Invalid field name: ${key}`);
+        }
+      }
+      const ctx = createHookContext({
+        collection: collectionName,
+        operation: "patch",
+        req,
+        res,
+        id,
+        data
+      });
+      await executeHook(config.hooks, "beforeUpdate", ctx, logger);
+      if (ctx.preventDefault) return;
+      const doc = await model.findByIdAndUpdate(id, { $set: ctx.data ?? data }, { new: true, runValidators: true }).lean().exec();
+      if (!doc) {
+        throw new NotFoundError(collectionName, id);
+      }
+      ctx.result = doc;
+      await executeHook(config.hooks, "afterUpdate", ctx, logger);
+      const response = { data: ctx.result ?? doc };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+function createDeleteHandler(collectionName, model, config, logger) {
+  return async (req, res, next) => {
+    try {
+      const { id } = req.params;
+      const ctx = createHookContext({
+        collection: collectionName,
+        operation: "delete",
+        req,
+        res,
+        id
+      });
+      await executeHook(config.hooks, "beforeDelete", ctx, logger);
+      if (ctx.preventDefault) return;
+      const doc = await model.findByIdAndDelete(id).lean().exec();
+      if (!doc) {
+        throw new NotFoundError(collectionName, id);
+      }
+      ctx.result = doc;
+      await executeHook(config.hooks, "afterDelete", ctx, logger);
+      res.json({ data: ctx.result ?? doc });
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+// src/middleware/auth.ts
+var ROUTE_TO_CRUD = {
+  list: "find",
+  get: "find",
+  create: "create",
+  update: "update",
+  patch: "patch",
+  delete: "delete"
+};
+function createPermissionMiddleware(collection, routeOp, permissions) {
+  return async (req, _res, next) => {
+    try {
+      if (!permissions) {
+        next();
+        return;
+      }
+      const permission = permissions[routeOp];
+      if (!permission) {
+        next();
+        return;
+      }
+      const user = req.user;
+      if (!user) {
+        throw new UnauthorizedError();
+      }
+      const crudOp = ROUTE_TO_CRUD[routeOp] || routeOp;
+      const allowed = await checkPermission(permission, {
+        user,
+        collection,
+        operation: crudOp,
+        data: req.body,
+        id: req.params.id,
+        req
+      });
+      if (!allowed) {
+        throw new ForbiddenError();
+      }
+      next();
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+async function checkPermission(permission, ctx) {
+  if (Array.isArray(permission)) {
+    if (!ctx.user.roles || ctx.user.roles.length === 0) {
+      return false;
+    }
+    return permission.some((role) => ctx.user.roles?.includes(role));
+  }
+  if (typeof permission === "function") {
+    return permission(ctx);
+  }
+  return false;
+}
+function createAuthMiddleware(authConfig) {
+  if (authConfig?.middleware) {
+    return authConfig.middleware;
+  }
+  return (_req, _res, next) => {
+    next();
+  };
+}
+// src/router/express-router.ts
+function createCollectionRouter(options) {
+  const { collectionName, model, adapter, config, defaults, logger, authMiddleware } = options;
+  const router = Router();
+  const handlers = createCRUDHandlers({ collectionName, model, adapter, config, defaults, logger });
+  const operations = ["list", "get", "create", "update", "patch", "delete"];
+  const middlewareStacks = {};
+  for (const op of operations) {
+    const stack = [];
+    if (authMiddleware) {
+      stack.push(authMiddleware);
+    }
+    if (config.middleware?.all) {
+      stack.push(...config.middleware.all);
+    }
+    const opMiddleware = config.middleware?.[op];
+    if (opMiddleware) {
+      stack.push(...opMiddleware);
+    }
+    if (config.permissions) {
+      stack.push(createPermissionMiddleware(collectionName, op, config.permissions));
+    }
+    middlewareStacks[op] = stack;
+  }
+  router.get("/", ...middlewareStacks.list, handlers.list);
+  router.get("/:id", ...middlewareStacks.get, handlers.get);
+  router.post("/", ...middlewareStacks.create, handlers.create);
+  router.put("/:id", ...middlewareStacks.update, handlers.update);
+  router.patch("/:id", ...middlewareStacks.patch, handlers.patch);
+  router.delete("/:id", ...middlewareStacks.delete, handlers.delete);
+  return router;
+}
+// src/middleware/error-handler.ts
+function createErrorHandler(logger) {
+  return (err, _req, res, _next) => {
+    if (err instanceof MonapiError) {
+      if (logger) {
+        logger.warn(`${err.code}: ${err.message}`, { statusCode: err.statusCode });
+      }
+      const response2 = {
+        error: {
+          code: err.code,
+          message: err.message,
+          details: err.details
+        }
+      };
+      res.status(err.statusCode).json(response2);
+      return;
+    }
+    if (logger) {
+      logger.error(`Unhandled error: ${err.message}`, { stack: err.stack });
+    }
+    const message = process.env.NODE_ENV === "production" ? "Internal server error" : err.message;
+    const response = {
+      error: {
+        code: "INTERNAL_ERROR",
+        message
+      }
+    };
+    res.status(500).json(response);
+  };
+}
+// src/utils/logger.ts
+var defaultLogger = {
+  info(message, meta) {
+    console.log(`[monapi] INFO: ${message}`, meta ? meta : "");
+  },
+  warn(message, meta) {
+    console.warn(`[monapi] WARN: ${message}`, meta ? meta : "");
+  },
+  error(message, meta) {
+    console.error(`[monapi] ERROR: ${message}`, meta ? meta : "");
+  },
+  debug(message, meta) {
+    if (process.env.NODE_ENV !== "production") {
+      console.log(`[monapi] DEBUG: ${message}`, meta ? meta : "");
+    }
+  }
+};
+// src/monapi.ts
+var Monapi = class {
+  constructor(config) {
+    this.collections = /* @__PURE__ */ new Map();
+    this.config = config;
+    this.logger = config.logger ?? defaultLogger;
+    if (config.auth) {
+      this.authMiddleware = createAuthMiddleware(config.auth);
+    }
+  }
+  /**
+   * Register a collection resource.
+   * This will auto-generate all CRUD endpoints for the collection.
+   */
+  resource(name, collectionConfig) {
+    const adapter = collectionConfig.adapter ?? createSchemaAdapter(collectionConfig.schema);
+    const model = this.resolveModel(name, collectionConfig, adapter);
+    this.collections.set(name, { config: collectionConfig, model, adapter });
+    this.logger.debug(`Registered resource: ${name}`, {
+      fields: adapter.getFields()
+    });
+    return this;
+  }
+  /**
+   * Generate the Express router with all registered collection routes.
+   */
+  router() {
+    const mainRouter = Router();
+    const basePath = this.config.basePath ?? "";
+    for (const [name, { config, model, adapter }] of this.collections) {
+      const collectionRouter = createCollectionRouter({
+        collectionName: name,
+        model,
+        adapter,
+        config,
+        defaults: this.config.defaults,
+        logger: this.logger,
+        authMiddleware: this.authMiddleware
+      });
+      const path = basePath ? `${basePath}/${name}` : `/${name}`;
+      mainRouter.use(path, collectionRouter);
+      this.logger.info(`Mounted routes: ${path}`);
+    }
+    mainRouter.use(createErrorHandler(this.logger));
+    return mainRouter;
+  }
+  /**
+   * Get a registered collection's model
+   */
+  getModel(name) {
+    return this.collections.get(name)?.model;
+  }
+  /**
+   * Get a registered collection's adapter
+   */
+  getAdapter(name) {
+    return this.collections.get(name)?.adapter;
+  }
+  /**
+   * Resolve or create a Mongoose model from the collection config.
+   */
+  resolveModel(name, config, adapter) {
+    if (config.model) {
+      return config.model;
+    }
+    const adapterModel = adapter.getMongooseModel?.();
+    if (adapterModel) {
+      return adapterModel;
+    }
+    const mongooseSchema = adapter.getMongooseSchema?.();
+    if (mongooseSchema) {
+      const modelName = name.charAt(0).toUpperCase() + name.slice(1);
+      return this.config.connection.model(modelName, mongooseSchema);
+    }
+    throw new Error(
+      `Cannot resolve Mongoose model for collection '${name}'. Provide a Mongoose Model, a Mongoose Schema, or set the model option.`
+    );
+  }
+};
+export { BadRequestError, FieldType, ForbiddenError, Monapi, MonapiError, MongooseAdapter, NotFoundError, SchemaType, UnauthorizedError, ValidationError, buildPaginationMeta, buildQuery, createErrorHandler, createSchemaAdapter, detectSchemaType, parseFilters };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map