not-node 6.3.0 → 6.3.2

package/index.js

@@ -35,6 +35,8 @@ module.exports.Routine = require("./src/model/routine");
 module.exports.Common = require("./src/common");
 /** Fields library manager */
 module.exports.Fields = require("./src/fields");
+/** Application generic helpers */
+module.exports.notFieldsFilter = require("./src/fields/filter.js");
 module.exports.Forms = require("./src/form");
 /** Form validation template **/
 module.exports.Form = require("./src/form").Form;

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "not-node",
-	"version": "6.3.0",
+	"version": "6.3.2",
 	"description": "node complimentary part for client side notFramework.",
 	"main": "index.js",
 	"scripts": {
@@ -68,7 +68,6 @@
 		"not-log": "*",
 		"not-monitor": "*",
 		"not-path": "*",
-		"not-validation": "*",
 		"rate-limiter-flexible": "^2.4.1",
 		"redis": "^4.5.1",
 		"redlock": "^5.0.0-beta.2",
@@ -94,6 +93,7 @@
 		"mocha": "*",
 		"mocha-suppress-logs": "^0.3.1",
 		"mongodb-memory-server": "^8.11.0",
+		"not-validation": "^0.0.9",
 		"npm-run-all": "^4.1.5",
 		"nyc": "^15.1.0",
 		"retire": "^3.2.1"

package/src/auth/const.js

@@ -1,13 +1,30 @@
 const DEFAULT_USER_ROLE_FOR_ADMIN = "root";
 const DEFAULT_USER_ROLE_FOR_GUEST = "guest";
 
+const ACTION_SIGNATURE_CREATE = "create";
+const ACTION_SIGNATURE_READ = "read";
+const ACTION_SIGNATURE_UPDATE = "update";
+const ACTION_SIGNATURE_DELETE = "delete";
+const ACTION_SIGNATURE_ANY = "any";
+
+const ACTION_SIGNATURES = {
+    CREATE: ACTION_SIGNATURE_CREATE,
+    READ: ACTION_SIGNATURE_READ,
+    UPDATE: ACTION_SIGNATURE_UPDATE,
+    DELETE: ACTION_SIGNATURE_DELETE,
+    ANY: ACTION_SIGNATURE_ANY,
+};
+
 const OBJECT_STRING = "[object String]";
 
 const DOCUMENT_OWNER_FIELD_NAME = "owner";
+const TOKEN_TTL = 3600;
 
 module.exports = {
+    TOKEN_TTL,
     OBJECT_STRING,
     DEFAULT_USER_ROLE_FOR_GUEST,
     DEFAULT_USER_ROLE_FOR_ADMIN,
     DOCUMENT_OWNER_FIELD_NAME,
+    ACTION_SIGNATURES,
 };

package/src/auth/fields.js

@@ -6,7 +6,7 @@ const { objHas } = require("../common");
 /**
  * Get data owner ObjectId
  * @param {Object}             data  Document Object
- * @return {ObjectId|undefined}     owner ObjectId or undefined if field is not found
+ * @return {import('mongoose').Schema.Types.ObjectId|undefined}     owner ObjectId or undefined if field is not found
  */
 function getOwnerId(data, ownerFieldName = CONST.DOCUMENT_OWNER_FIELD_NAME) {
     if (typeof data !== "object") {
@@ -24,7 +24,7 @@ function getOwnerId(data, ownerFieldName = CONST.DOCUMENT_OWNER_FIELD_NAME) {
 /**
  * Check if data is belongs to user
  * @param {Object}   data      object
- * @param {ObjectId} user_id   possible owner
+ * @param {import('mongoose').Schema.Types.ObjectId} user_id   possible owner
  * @return {boolean}           true - belongs, false - not belongs
  **/
 
@@ -34,7 +34,12 @@ function isOwner(
     ownerFieldName = CONST.DOCUMENT_OWNER_FIELD_NAME
 ) {
     const ownerId = getOwnerId(data, ownerFieldName);
-    return COMMON.compareObjectIds(ownerId, user_id);
+    console.log("ownerId", ownerId, typeof ownerId);
+    if (typeof ownerId !== "undefined") {
+        return COMMON.compareObjectIds(ownerId, user_id);
+    } else {
+        return false;
+    }
 }
 
 /**
@@ -57,7 +62,7 @@ function ruleIsWildcard(safeFor) {
  * @param {Object}         field     description of field from schema
  * @param {string}         action    action to check against
  * @param {Array<string>}  roles     actor roles
- * @param {string}         special   special relations of actor and target (@owner, @system)
+ * @param {Array<string>}         special   special relations of actor and target (@owner, @system)
  * @return {boolean}                 true - safe
  **/
 function fieldIsSafe(field, action, roles, special) {
@@ -130,7 +135,7 @@ function getSafeFieldsForRoleAction(schema, action, roles, owner, system) {
  * @param {string}         action    action to check against
  * @param {Object}         data      source of data to extract from
  * @param {Array<string>}  roles     actor roles
- * @param {string|ObjectId}actorId   actor objectId
+ * @param {import('mongoose').Schema.Types.ObjectId} actorId   actor objectId
  * @param {boolean}        system    true if actor is a system procedure
  * @return {Object}                  object containing only data from safe fields
  **/

package/src/auth/roles.js

@@ -26,8 +26,8 @@ function compareRolesStrict(userRoles, actionRoles) {
 
 /**
  *	Compares two list of roles
- *	@param	{array|string}	userRoles 		roles of user
- *	@param	{array|string}	actionRoles 	roles of action
+ *	@param	{array|string|undefined}	userRoles 		roles of user
+ *	@param	{array|string|undefined}	actionRoles 	roles of action
  *	@param	{boolean}				strict 				if true userRoles should contain all of actionRoles. else atleast one
  *	@return {boolean}	if user roles comply to action roles
  **/

package/src/auth/rules.js

@@ -2,21 +2,43 @@ const ROLES = require("./roles");
 const postWarning = require("../obsolete");
 const { objHas } = require("../common");
 
+/**
+ * check if rule contains requirement about root/admin(obs) status of requester
+ *
+ * @param {import('../types').notRouteRule} rule
+ * @return {boolean}
+ */
 function ruleHasRootDirective(rule) {
     return (
-        (objHas(rule, "admin") && rule.admin) ||
-        (objHas(rule, "root") && rule.root)
+        (objHas(rule, "admin") && typeof rule.admin !== "undefined") ||
+        (objHas(rule, "root") && typeof rule.root !== "undefined")
     );
 }
 
+/**
+ * checks if requester `root` state comply rule of route action
+ *
+ * @param {import('../types').notRouteRule}     rule    rule to comply
+ * @param {boolean}                             root    actual requester state
+ * @return {boolean}
+ */
 function compareWithRoot(rule, root) {
     if (objHas(rule, "admin")) {
-        return rule.admin && root;
+        return typeof rule.admin !== "undefined" && rule.admin && root;
     } else {
-        return rule.root && root;
+        return typeof rule.root !== "undefined" && rule.root && root;
     }
 }
 
+/**
+ * checks roles list (in strict mode) then if auth state check needed performs it
+ * returns true if all checks passed or false if needed failed
+ *
+ * @param {import('../types').notRouteRule}     actionRule  rule to comply
+ * @param {Array<string>}                       userRole    array of user roles
+ * @param {boolean}                             auth        if user authenticated
+ * @return {boolean}
+ */
 function compareRuleRoles(actionRule, userRole, auth) {
     if (ROLES.compareRoles(userRole, actionRule.role)) {
         if (objHas(actionRule, "auth")) {
@@ -33,14 +55,31 @@ function compareRuleRoles(actionRule, userRole, auth) {
     }
 }
 
+/**
+ *  checks if user in required state of authetification
+ *
+ * @param {boolean} requiredAuth
+ * @param {boolean} userAuth
+ * @return {boolean}
+ */
 function roleRequireAuthState(requiredAuth, userAuth) {
+    //to pass
+    //or true and true
     if (requiredAuth && userAuth) {
         return true;
     } else {
+        //or !false && !false
         return !requiredAuth && !userAuth;
     }
 }
 
+/**
+ * default outcome - true, if no requirements in rule
+ *
+ * @param {import('../types').notRouteRule}     rule    rule to comply
+ * @param {boolean}                             auth    actual state of requester
+ * @return {boolean}
+ */
 function compareAuthStatus(rule, auth) {
     if (objHas(rule, "auth")) {
         return roleRequireAuthState(rule.auth, auth);
@@ -53,14 +92,11 @@ function compareAuthStatus(rule, auth) {
 
 /**
  *	Check rule against presented credentials
- *	@param	{object}		        rule	      action rule
- *  @param	{boolean}		        rule.auth   if user should be authenticated
- *  @param	{Array<String>}		  rule.role   if user shoud have some role
- *  @param	{boolean}		        rule.root   if user should be super user
- *	@param  {Boolean}		        auth	      user state of auth
- *	@param  {String|Array}	    role	      user state of role
- *	@param  {Boolean}		        root        user state of root
- *	@return {boolean}		        pass or not
+ *	@param	{import('../types').notRouteRule}		        rule	        action rule
+ *	@param  {boolean}		                                auth	        user state of auth
+ *	@param  {string|Array<string>}	                                role	user state of role
+ *	@param  {boolean}		                                root            user state of root
+ *	@return {boolean}		                                                pass or not
  */
 function checkCredentials(rule, auth, role, root) {
     //no rule - no access
@@ -68,7 +104,7 @@ function checkCredentials(rule, auth, role, root) {
         return false;
     } else {
         //posting message about obsolete options keys if found
-        postWarning(rule);
+        postWarning.obsoleteRuleFields(rule);
         //start comparing from top tier flags
         //if we have root/admin(obsolete) field field in rule compare only it
         if (ruleHasRootDirective(rule)) {

package/src/bootstrap/logic.js

@@ -15,17 +15,18 @@ module.exports = ({
     const config = configInit.readerForModule(MODULE_NAME);
 
     const LogAction = ({ action, by, role, ip, root }, params = {}) => {
-        Log.log({
-            time: new Date(),
-            module: MODULE_NAME,
-            logic: MODEL_NAME,
-            action,
-            root,
-            by,
-            role,
-            ip,
-            params,
-        });
+        Log &&
+            Log.log({
+                time: new Date(),
+                module: MODULE_NAME,
+                logic: MODEL_NAME,
+                action,
+                root,
+                by,
+                role,
+                ip,
+                params,
+            });
     };
 
     return {

package/src/bootstrap/route.js

@@ -85,7 +85,7 @@ module.exports = ({
         }
     };
 
-    const createDefaultForm = function ({ actionName }) {
+    const createDefaultForm = function ({ actionName, MODULE_NAME }) {
         const FIELDS = [
             ["activeUser", "not-node//requiredObject"],
             ["data", `${MODULE_NAME}//_data`],

package/src/common.js

@@ -44,6 +44,9 @@ module.exports.validateObjectId = (id) => {
  */
 module.exports.compareObjectIds = (firstId, secondId) => {
     try {
+        if (typeof firstId === "undefined" || typeof secondId === "undefined") {
+            return false;
+        }
         let a = firstId,
             b = secondId;
         if (typeof firstId !== "string") {
@@ -182,6 +185,10 @@ module.exports.executeObjectFunction = async (obj, name, params) => {
     }
 };
 
+module.exports.isNotEmptyString = (str) => {
+    return typeof str === "string" && str.length > 0 && str.trim().length > 0;
+};
+
 /**
  *  Executes method of object in apropriate way inside Promise
  * @param {Object}   from     original object

package/src/fields/filter.js

@@ -0,0 +1,326 @@
+const {
+    isFunc,
+    firstLetterToLower,
+    objHas,
+    isNotEmptyString,
+} = require("../common");
+const { getSafeFieldsForRoleAction } = require("../auth/fields");
+const { DEFAULT_USER_ROLE_FOR_GUEST } = require("../auth/const");
+/**
+ * notFilterFilter.filter(fields, getApp().getModelSchema(MODEL_NAME), {action});
+ *
+ *  usage:
+ * manifest = {
+ *      ...
+ *      actions:{
+ *          ...
+ *          list:{
+ *              rules:[{
+ *                  root: true,
+ *                  fields: notFilterFilter.filter(['@*'], getApp().getModelSchema(MODEL_NAME), {action:read});
+ *              }]
+ *          },
+ *          profile:{
+ *              method: 'get',
+ *              rules:[{
+ *                      auth: true
+ *                      fields: []
+ *                  },{
+ *                      root: true
+ *              }]
+ *          },
+ *      }
+ *      ...
+ * }
+ */
+
+const OPERATOR_EXCLUDE = "-";
+const SPECIAL_SET_PREFIX = "@";
+
+//system special fields sets aka system specials
+const SPECIAL_SET_ALL = "*";
+const SPECIAL_SET_SAFE = "safe";
+const SPECIAL_SET_UNSAFE = "unsafe";
+const SPECIAL_SET_TIMESTAMPS = "timestamps";
+const SPECIAL_SET_OWNAGE = "ownage";
+const SPECIAL_SET_VERSIONING = "versioning";
+const SPECIAL_SET_ID_NUMERIC = "ID";
+const SPECIAL_SET_ID_UUID = "id";
+
+/**
+ * @typedef     {Object}    FieldsFilteringModificators
+ * @property    {string}    [action]    read, update
+ * @property    {string}    [modelName] name of the schema model
+ * @property    {Array<string>} [roles] roles set
+ * @property    {boolean}   [owner]     owner initiated action
+ * @property    {boolean}   [system]    system initiated action
+ * @property    {boolean}   [root]      root initiated action
+ * @property    {boolean}   [auth]      authenticated user initiated action
+ */
+
+class notFieldsFilter {
+    static #USER_DEFINED_SETS = {};
+
+    static get userSets() {
+        return structuredClone(this.#USER_DEFINED_SETS);
+    }
+
+    static addSet(name, fields) {
+        if (
+            !Object.values(this.specials).includes(name) &&
+            fields.every(isNotEmptyString)
+        ) {
+            this.#USER_DEFINED_SETS[name] = fields;
+            return true;
+        }
+        return false;
+    }
+
+    static removeSet(name) {
+        if (objHas(this.#USER_DEFINED_SETS, name)) {
+            delete this.#USER_DEFINED_SETS[name];
+            return true;
+        }
+        return false;
+    }
+
+    static get specials() {
+        return {
+            ALL: SPECIAL_SET_ALL,
+            SAFE: SPECIAL_SET_SAFE,
+            UNSAFE: SPECIAL_SET_UNSAFE,
+            TIMESTAMPS: SPECIAL_SET_TIMESTAMPS,
+            OWNAGE: SPECIAL_SET_OWNAGE,
+            VERSIONING: SPECIAL_SET_VERSIONING,
+            ID_NUMERIC: SPECIAL_SET_ID_NUMERIC,
+            ID_UUID: SPECIAL_SET_ID_UUID,
+        };
+    }
+
+    static get specialSets() {
+        return {
+            ...this.#USER_DEFINED_SETS,
+            [SPECIAL_SET_ALL]: (schema) => {
+                return [
+                    `${SPECIAL_SET_PREFIX}${SPECIAL_SET_ID_UUID}`,
+                    `${SPECIAL_SET_PREFIX}${SPECIAL_SET_ID_NUMERIC}`,
+                    ...Object.keys(schema),
+                ];
+            },
+            [SPECIAL_SET_SAFE]: (
+                schema,
+                {
+                    action = "",
+                    roles = [DEFAULT_USER_ROLE_FOR_GUEST],
+                    owner = false,
+                    system = false,
+                }
+            ) => {
+                return getSafeFieldsForRoleAction(
+                    schema,
+                    action,
+                    roles,
+                    owner,
+                    system
+                );
+            },
+            [SPECIAL_SET_UNSAFE]: ["salt", "password"],
+            [SPECIAL_SET_TIMESTAMPS]: ["createdAt", "updatedAt"],
+            [SPECIAL_SET_OWNAGE]: ["owner", "ownerId", "ownerModel"],
+            [SPECIAL_SET_VERSIONING]: [
+                "__version",
+                "__versions",
+                "__closed",
+                "__latest",
+                "__v",
+            ],
+            [SPECIAL_SET_ID_NUMERIC]: (schema, { modelName }) => {
+                return [`${firstLetterToLower(modelName)}ID`];
+            },
+            [SPECIAL_SET_ID_UUID]: ["_id"],
+        };
+    }
+
+    static getSpecialSetContent(setName, schema, mods) {
+        const setGenerator = this.specialSets[setName];
+        if (isFunc(setGenerator)) {
+            return [...setGenerator(schema, mods)];
+        } else {
+            return [...setGenerator];
+        }
+    }
+
+    static DEFAULT_SET = [`${SPECIAL_SET_PREFIX}${SPECIAL_SET_ALL}`];
+
+    /**
+     *
+     *
+     * @static
+     * @param {Array<string>} fieldsSet
+     * @return {boolean}
+     * @memberof notFieldsFilter
+     */
+    static isContainingSpecialSets(fieldsSet) {
+        return this.getFirstSpecialSetIndex(fieldsSet) > -1;
+    }
+
+    static isExcludeOperation(fieldItem) {
+        return fieldItem.indexOf(OPERATOR_EXCLUDE) === 0;
+    }
+
+    static getFirstExcludeOperationIndex(fieldsSet) {
+        return fieldsSet.findIndex((item) => this.isExcludeOperation(item));
+    }
+
+    static isContainingExcludeOperation(fieldsSet) {
+        return this.getFirstExcludeOperationIndex(fieldsSet) > -1;
+    }
+
+    /**
+     *
+     *
+     * @static
+     * @param {Array<string>} fieldsSet
+     * @return {number}
+     * @memberof notFieldsFilter
+     */
+    static getFirstSpecialSetIndex(fieldsSet) {
+        return fieldsSet.findIndex((item) => this.isSpecialSet(item));
+    }
+
+    static isSpecialSet(name) {
+        // @something or -@something
+        return (
+            name.indexOf(SPECIAL_SET_PREFIX) === 0 ||
+            (name.indexOf(SPECIAL_SET_PREFIX) === 1 &&
+                name.indexOf(OPERATOR_EXCLUDE) === 0)
+        );
+    }
+
+    /**
+     *
+     *
+     * @static
+     * @param {string} name
+     * @return {string}
+     * @memberof notFieldsFilter
+     */
+    static getSpecialSetNameFromFieldsSetItem(name) {
+        return name.substring(name.indexOf(SPECIAL_SET_PREFIX) + 1);
+    }
+
+    static fieldsListIsNotPlain(fieldsList) {
+        return (
+            this.isContainingSpecialSets(fieldsList) ||
+            this.isContainingExcludeOperation(fieldsList)
+        );
+    }
+
+    static applyExcludeOperationToFieldItem(fieldItem) {
+        if (this.isExcludeOperation(fieldItem)) {
+            return this.unmarkFieldToExlude(fieldItem);
+        } else {
+            return this.markFieldToExlude(fieldItem);
+        }
+    }
+
+    static applyExludeOperationToFieldsItems(fields) {
+        return fields.map((item) =>
+            this.applyExcludeOperationToFieldItem(item)
+        );
+    }
+
+    /**
+     * input field item marked to be included
+     *  output field item marked to be exluded
+     * @static
+     * @param {string} field    field
+     * @return {string}         -field
+     * @memberof notFieldsFilter
+     */
+    static markFieldToExlude(field) {
+        return `${OPERATOR_EXCLUDE}${field}`;
+    }
+
+    /**
+     * input field item marked to be exluded
+     * output field item marked to be included
+     * @static
+     * @param {string} field    -field
+     * @return {string}         field
+     * @memberof notFieldsFilter
+     */
+    static unmarkFieldToExlude(field) {
+        return field.substring(1);
+    }
+
+    /**
+     * translates fields items with specials to plain fields names
+     *
+     * @static
+     * @param {Array<string>} fields
+     * @param {import('mongoose').SchemaDefinition} schema
+     * @param {FieldsFilteringModificators} [mods]
+     * @return {Array<string>}
+     * @memberof notFieldsFilter
+     */
+    static specialsToPlain(fields, schema, mods) {
+        while (this.isContainingSpecialSets(fields)) {
+            const index = this.getFirstSpecialSetIndex(fields);
+            const specialSetItem = fields[index];
+            const specialSetName =
+                this.getSpecialSetNameFromFieldsSetItem(specialSetItem);
+            const exclude = this.isExcludeOperation(specialSetItem);
+            const fieldsToInsert = this.getSpecialSetContent(
+                specialSetName,
+                schema,
+                mods
+            );
+            const operationAppliedFieldsList = exclude
+                ? this.applyExludeOperationToFieldsItems(fieldsToInsert)
+                : fieldsToInsert;
+            fields.splice(index, 1, ...operationAppliedFieldsList);
+        }
+        return fields;
+    }
+
+    static removeExcludedFields(fields) {
+        const result = [...fields];
+        while (this.isContainingExcludeOperation(result)) {
+            let index = this.getFirstExcludeOperationIndex(result);
+            const fieldNameToExclude = this.unmarkFieldToExlude(result[index]);
+            result.splice(index, 1);
+            while (
+                result.indexOf(fieldNameToExclude) > -1 &&
+                result.indexOf(fieldNameToExclude) < index
+            ) {
+                result.splice(result.indexOf(fieldNameToExclude), 1);
+                index--;
+            }
+        }
+        return result;
+    }
+
+    /**
+     * Creates plain fields list from fields list with fields, synonyms, fields sets
+     * and exlude operations
+     * schema = {name, description, country, __versions, __version, __closed, __latest, __v}
+     * ['*','-@versioning'] -> [_id, name, description, country]
+     * exlude X exlude -> include
+     * some @fieldsSet = ['-name', 'country']
+     * ['-@fieldsSet'] -> ['name', '-country']
+     * @static
+     * @param {Array<string>} fieldsSet
+     * @param {import('mongoose').SchemaDefinition} schema
+     * @param {FieldsFilteringModificators} mods
+     * @return {Array<string>}
+     * @memberof notFieldsFilter
+     */
+    static filter(fieldsSet, schema = {}, mods = { action: undefined }) {
+        const fields = [...fieldsSet];
+        this.specialsToPlain(fields, schema, mods);
+        return this.removeExcludedFields(fields);
+    }
+}
+
+module.exports = notFieldsFilter;

package/src/fields/index.js

@@ -17,7 +17,7 @@ module.exports.initFileSchemaFromFields = ({
     to = DEFAULT_TO,
     moduleName = "",
 }) => {
-    const FIELDS = notPath.get(from, mod);
+    const FIELDS = notPath.get(from, mod, {});
     if (FIELDS && Array.isArray(FIELDS)) {
         const schema = module.exports.createSchemaFromFields(
             app,
@@ -25,7 +25,7 @@ module.exports.initFileSchemaFromFields = ({
             type,
             moduleName
         );
-        notPath.set(to, mod, schema);
+        notPath.set(to, mod, schema, undefined);
     }
 };
 

package/src/form/env_extractors/activeUser.js

@@ -1,6 +1,6 @@
 module.exports = (form, req) => {
     return {
         name: "activeUser",
-        value: req.user,
+        value: req?.user,
     };
 };

package/src/form/env_extractors/activeUserId.js

@@ -0,0 +1,6 @@
+module.exports = (form, req) => {
+    return {
+        name: "activeUser",
+        value: req?.user?._id,
+    };
+};

package/src/form/env_extractors/index.js

@@ -4,8 +4,11 @@
 
 module.exports = {
     ID: require("./ID.js"),
+    targetID: require("./ID.js"),
     _id: require("./_id.js"),
+    targetId: require("./_id.js"),
     activeUser: require("./activeUser.js"),
+    activeUserId: require("./activeUserId.js"),
     ip: require("./ip.js"),
     modelNameID: require("./modelNameID.js"),
     query: require("./query.js"),

package/src/form/env_extractors/query.js

@@ -1,6 +1,12 @@
 const notFilter = require("not-filter");
 const getApp = require("../../getApp");
 
+/**
+ *
+ * @param {import('../form')}                           form
+ * @param {import('../../types').notNodeExpressRequest} req
+ * @returns
+ */
 module.exports = (form, req) => {
     const MODULE_NAME = form.getModuleName();
     const MODEL_NAME = form.getModelName(req);