nuxt-auto-crud 1.2.2 → 1.4.0

package/src/runtime/server/utils/modelMapper.ts

@@ -6,12 +6,18 @@ import { pascalCase } from 'scule'
 import { getTableColumns as getDrizzleTableColumns } from 'drizzle-orm'
 import type { SQLiteTable } from 'drizzle-orm/sqlite-core'
 import { createError } from 'h3'
+import { useRuntimeConfig } from '#imports'
 
 /**
  * Fields that should never be updatable via PATCH requests
  */
 const PROTECTED_FIELDS = ['id', 'createdAt', 'created_at']
 
+/**
+ * Fields that should never be returned in API responses
+ */
+const HIDDEN_FIELDS = ['password', 'secret', 'token']
+
 /**
  * Custom updatable fields configuration (optional)
  * Only define here if you want to override the auto-detection
@@ -26,6 +32,14 @@ export const customUpdatableFields: Record<string, string[]> = {
   // By default, all fields except PROTECTED_FIELDS are updatable
 }
 
+/**
+ * Custom hidden fields configuration (optional)
+ * Only define here if you want to override the default hidden fields
+ */
+export const customHiddenFields: Record<string, string[]> = {
+  // Add custom hidden fields here if needed
+}
+
 /**
  * Automatically builds a map of all exported tables from the schema
  * No manual configuration needed!
@@ -163,3 +177,72 @@ export function getModelPluralName(modelName: string): string {
 export function getAvailableModels(): string[] {
   return Object.keys(modelTableMap)
 }
+
+/**
+ * Gets the hidden fields for a model
+ * @param modelName - The name of the model
+ * @returns Array of field names that should be hidden
+ */
+export function getHiddenFields(modelName: string): string[] {
+  // Check if custom hidden fields are defined for this model
+  if (customHiddenFields[modelName]) {
+    return customHiddenFields[modelName]
+  }
+
+  return HIDDEN_FIELDS
+}
+
+/**
+ * Gets the public columns for a model
+ * @param modelName - The name of the model
+ * @returns Array of field names that are public (or undefined if all are public)
+ */
+export function getPublicColumns(modelName: string): string[] | undefined {
+  const { resources } = useRuntimeConfig().autoCrud
+  return resources?.[modelName]?.publicColumns
+}
+
+/**
+ * Filters an object to only include public columns (if configured)
+ * @param modelName - The name of the model
+ * @param data - The data object to filter
+ * @returns Filtered object
+ */
+export function filterPublicColumns(modelName: string, data: Record<string, unknown>): Record<string, unknown> {
+  const publicColumns = getPublicColumns(modelName)
+
+  // If no public columns configured, return all (except hidden)
+  if (!publicColumns) {
+    return filterHiddenFields(modelName, data)
+  }
+
+  const filtered: Record<string, unknown> = {}
+
+  for (const [key, value] of Object.entries(data)) {
+    // Must be in publicColumns AND not in hidden fields (double safety)
+    if (publicColumns.includes(key) && !getHiddenFields(modelName).includes(key)) {
+      filtered[key] = value
+    }
+  }
+
+  return filtered
+}
+
+/**
+ * Filters an object to exclude hidden fields
+ * @param modelName - The name of the model
+ * @param data - The data object to filter
+ * @returns Filtered object without hidden fields
+ */
+export function filterHiddenFields(modelName: string, data: Record<string, unknown>): Record<string, unknown> {
+  const hiddenFields = getHiddenFields(modelName)
+  const filtered: Record<string, unknown> = {}
+
+  for (const [key, value] of Object.entries(data)) {
+    if (!hiddenFields.includes(key)) {
+      filtered[key] = value
+    }
+  }
+
+  return filtered
+}