najm-auth 1.1.6 → 1.1.7

package/dist/index.d.ts

@@ -1267,14 +1267,14 @@ type OwnershipStep = JoinStep | OwnerStep;
 /**
  * JOIN step — links two columns across tables.
  * The target table is inferred from the right column.
- * Use aliased tables (`alias(table, '_sc_name')`) to avoid conflicts with display JOINs.
+ * Raw tables are auto-aliased when needed; already-aliased tables are preserved.
  *
- * @example join(grades.studentId, _students.id)
+ * @example join(grades.studentId, students.id)
  */
 declare function join(left: any, right: any): JoinStep;
 /**
  * WHERE step — terminal column that holds the user id.
- * @example where(_teachers.userId)
+ * @example where(teachers.userId)
  */
 declare function where(col: any): OwnerStep;
 type ScopeResult = {
@@ -1318,13 +1318,13 @@ declare class OwnershipToken {
  *
  * @example
  * export const Grade = own(grades)
- *   .for('teacher', join(grades.studentId, _s.id), where(_t.userId))
- *   .for('parent',  join(grades.studentId, _s.id), where(_p.userId))
+ *   .for('teacher', join(grades.studentId, students.id), where(teachers.userId))
+ *   .for('parent',  join(grades.studentId, students.id), where(parents.userId))
  *   .writeBy(grades.studentId);
  *
  * // With explicit admin roles (avoids global state):
  * export const Grade = own(grades, { adminRoles: ['admin', 'principal'] })
- *   .for('teacher', join(grades.studentId, _s.id), where(_t.userId));
+ *   .for('teacher', join(grades.studentId, students.id), where(teachers.userId));
  */
 declare function own(table: any, opts?: OwnershipTokenOptions): OwnershipToken;
 

package/dist/index.js

@@ -3019,12 +3019,15 @@ var selectSchema = /* @__PURE__ */ __name((config) => {
 var auth = /* @__PURE__ */ __name((config) => plugin("auth").version("1.0.0").depends(cache(), cookies(), i18n(), guards(), validation(config?.validation), rateLimit(config?.rateLimit), email()).requires("database").contributes(I18N_CONTRIBUTIONS, AUTH_LOCALES).services(auth_exports, users_exports, roles_exports, permissions_exports, tokens_exports).config(AUTH_CONFIG, mergeConfig(config)).set(AUTH_SCHEMA, selectSchema(config)).build(), "auth");
 
 // src/ownership/scopedOwnership.ts
-import { eq as eq6, sql as sql4 } from "drizzle-orm";
+import { aliasedTable, eq as eq6, getTableColumns, sql as sql4 } from "drizzle-orm";
 var DEFAULT_ADMIN_ROLES = ["admin", "principal"];
+var DRIZZLE_NAME = /* @__PURE__ */ Symbol.for("drizzle:Name");
+var DRIZZLE_BASE_NAME = /* @__PURE__ */ Symbol.for("drizzle:BaseName");
+var DRIZZLE_IS_ALIAS = /* @__PURE__ */ Symbol.for("drizzle:IsAlias");
 function join2(left, right) {
   const table = right.table;
   if (!table)
-    throw new Error(`join(): cannot infer table from right column. Use drizzle alias().`);
+    throw new Error("join(): cannot infer table from right column.");
   return { type: "join", left, right, table };
 }
 __name(join2, "join");
@@ -3032,9 +3035,72 @@ function where(col) {
   return { type: "owner", col };
 }
 __name(where, "where");
+function isAliased(table) {
+  return table?.[DRIZZLE_IS_ALIAS] === true;
+}
+__name(isAliased, "isAliased");
+function autoAlias(table, suffix) {
+  if (isAliased(table))
+    return table;
+  const name = table?.[DRIZZLE_BASE_NAME] ?? table?.[DRIZZLE_NAME] ?? "table";
+  return aliasedTable(table, `_sc_${String(name)}_${suffix}`);
+}
+__name(autoAlias, "autoAlias");
+function getColumns(table) {
+  try {
+    return getTableColumns(table) ?? null;
+  } catch {
+    return null;
+  }
+}
+__name(getColumns, "getColumns");
+function buildColumnMap(rawTable, aliased) {
+  const rawCols = getColumns(rawTable);
+  const aliasedCols = getColumns(aliased);
+  const map = /* @__PURE__ */ new Map();
+  if (!rawCols || !aliasedCols)
+    return map;
+  for (const key of Object.keys(rawCols)) {
+    map.set(rawCols[key], aliasedCols[key]);
+  }
+  return map;
+}
+__name(buildColumnMap, "buildColumnMap");
 function compile(steps) {
-  const joins = steps.filter((s) => s.type === "join");
-  const owner = steps.find((s) => s.type === "owner");
+  const tableMap = /* @__PURE__ */ new Map();
+  const colMap = /* @__PURE__ */ new Map();
+  let aliasIndex = 0;
+  for (const step of steps) {
+    if (step.type !== "join")
+      continue;
+    const rawTable = step.right.table;
+    if (isAliased(rawTable) || tableMap.has(rawTable) || !getColumns(rawTable))
+      continue;
+    const aliased = autoAlias(rawTable, ++aliasIndex);
+    tableMap.set(rawTable, aliased);
+    for (const [rawCol, aliasedCol] of buildColumnMap(rawTable, aliased)) {
+      colMap.set(rawCol, aliasedCol);
+    }
+  }
+  const remapped = steps.map((step) => {
+    if (step.type === "join") {
+      return {
+        ...step,
+        left: colMap.get(step.left) ?? step.left,
+        right: colMap.get(step.right) ?? step.right,
+        table: tableMap.get(step.right.table) ?? step.right.table
+      };
+    }
+    if (step.type === "owner") {
+      return {
+        ...step,
+        col: colMap.get(step.col) ?? step.col
+      };
+    }
+    return step;
+  });
+  const joins = remapped.filter((s) => s.type === "join");
+  const owner = remapped.find((s) => s.type === "owner");
   if (!owner)
     throw new Error("Ownership chain must end with where()");
   return (uid, query) => {
@@ -3056,7 +3122,7 @@ var OwnershipToken = class {
   _writeScopeCol;
   _adminRoles;
   constructor(table, opts) {
-    const name = table[/* @__PURE__ */ Symbol.for("drizzle:Name")] ?? table?._.baseName ?? table?._.name ?? "resource";
+    const name = table[DRIZZLE_NAME] ?? table?._.baseName ?? table?._.name ?? "resource";
     this.name = name;
     this.table = table;
     this.symbol = Symbol(name);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "najm-auth",
-  "version": "1.1.6",
+  "version": "1.1.7",
   "description": "Authentication and authorization library for najm framework",
   "type": "module",
   "files": [