nuxt-auto-crud 1.24.0 → 1.26.0

package/src/runtime/server/utils/modelMapper.ts

@@ -7,53 +7,23 @@ import { getTableColumns as getDrizzleTableColumns, getTableName } from 'drizzle
 import type { SQLiteTable } from 'drizzle-orm/sqlite-core'
 import { createError } from 'h3'
 import { useRuntimeConfig } from '#imports'
+import { createInsertSchema } from 'drizzle-zod'
+import type { z } from 'zod'
 
-/**
- * Fields that should never be updatable via PATCH requests
- */
-const PROTECTED_FIELDS = ['id', 'created_at', 'updated_at', 'createdAt', 'updatedAt']
-
-/**
- * Fields that should never be returned in API responses
- */
-const HIDDEN_FIELDS = ['password', 'secret', 'token']
-
-/**
- * Custom updatable fields configuration (optional)
- * Only define here if you want to override the auto-detection
- *
- * Example:
- * export const customUpdatableFields: Record<string, string[]> = {
- *   users: ['name', 'avatar'], // Only these fields can be updated
- * }
- */
-export const customUpdatableFields: Record<string, string[]> = {
-  // Add custom field restrictions here if needed
-  // By default, all fields except PROTECTED_FIELDS are updatable
-}
+import { PROTECTED_FIELDS, HIDDEN_FIELDS } from './constants'
 
-/**
- * Custom hidden fields configuration (optional)
- * Only define here if you want to override the default hidden fields
- */
-export const customHiddenFields: Record<string, string[]> = {
-  // Add custom hidden fields here if needed
-}
+export const customUpdatableFields: Record<string, string[]> = {}
+export const customHiddenFields: Record<string, string[]> = {}
 
 /**
- * Automatically builds a map of all exported tables from the schema
- * No manual configuration needed!
+ * Builds a map of all exported Drizzle tables from the schema.
  */
 function buildModelTableMap(): Record<string, unknown> {
   const tableMap: Record<string, unknown> = {}
 
-  // Iterate through all exports from schema
   for (const [key, value] of Object.entries(schema)) {
-    // Check if it's a Drizzle table
     if (value && typeof value === 'object') {
       try {
-        // getTableName returns the table name for valid tables, and undefined/null for others (like relations)
-        // This is a more robust check than checking for properties
         // eslint-disable-next-line @typescript-eslint/no-explicit-any
         const tableName = getTableName(value as any)
         if (tableName) {
@@ -61,7 +31,7 @@ function buildModelTableMap(): Record<string, unknown> {
         }
       }
       catch {
-        // Ignore if it throws (not a table)
+        // Not a table
       }
     }
   }
@@ -69,17 +39,10 @@ function buildModelTableMap(): Record<string, unknown> {
   return tableMap
 }
 
-/**
- * Auto-generated model table map
- * Automatically includes all tables from schema
- */
 export const modelTableMap = buildModelTableMap()
 
 /**
- * Gets the table for a given model name
- * @param modelName - The name of the model (e.g., 'users', 'products')
- * @returns The corresponding database table
- * @throws Error if model is not found
+ * @throws 404 if modelName is not found in tableMap.
  */
 export function getTableForModel(modelName: string): SQLiteTable {
   const table = modelTableMap[modelName]
@@ -95,10 +58,6 @@ export function getTableForModel(modelName: string): SQLiteTable {
   return table as SQLiteTable
 }
 
-/**
- * Auto-detects updatable fields for a table
- * Returns all fields except protected ones (id, createdAt, etc.)
- */
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 function getTableColumns(table: any): string[] {
   try {
@@ -111,33 +70,20 @@ function getTableColumns(table: any): string[] {
   }
 }
 
-/**
- * Gets the updatable fields for a model
- * @param modelName - The name of the model
- * @returns Array of field names that can be updated
- */
 export function getUpdatableFields(modelName: string): string[] {
-  // Check if custom fields are defined for this model
   if (customUpdatableFields[modelName]) {
     return customUpdatableFields[modelName]
   }
 
-  // Auto-detect from table schema
   const table = modelTableMap[modelName]
-
   if (!table) return []
 
   const allColumns = getTableColumns(table)
-
-  // Filter out protected fields
-  return allColumns.filter(col => !PROTECTED_FIELDS.includes(col))
+  return allColumns.filter(col => !PROTECTED_FIELDS.includes(col) && !HIDDEN_FIELDS.includes(col))
 }
 
 /**
- * Filters an object to only include updatable fields for a model
- * @param modelName - The name of the model
- * @param data - The data object to filter
- * @returns Filtered object with only updatable fields
+ * Filters and coerces data for updates, handling timestamp conversion.
  */
 export function filterUpdatableFields(modelName: string, data: Record<string, unknown>): Record<string, unknown> {
   const allowedFields = getUpdatableFields(modelName)
@@ -151,7 +97,6 @@ export function filterUpdatableFields(modelName: string, data: Record<string, un
       let value = data[field]
       const column = columns[field]
 
-      // Coerce timestamp fields to Date objects if they are strings
       if (column && column.mode === 'timestamp' && typeof value === 'string') {
         value = new Date(value)
       }
@@ -163,79 +108,43 @@ export function filterUpdatableFields(modelName: string, data: Record<string, un
   return filtered
 }
 
-/**
- * Gets the singular name for a model (for error messages)
- * Uses pluralize library for accurate singular/plural conversion
- * @param modelName - The plural model name
- * @returns The singular name in PascalCase
- */
 export function getModelSingularName(modelName: string): string {
   const singular = pluralize.singular(modelName)
   return pascalCase(singular)
 }
 
-/**
- * Gets the plural name for a model
- * @param modelName - The model name (singular or plural)
- * @returns The plural name
- * @return The plural name
- */
 export function getModelPluralName(modelName: string): string {
   return pluralize.plural(modelName)
 }
 
-/**
- * Lists all available models
- * @returns Array of model names
- */
 export function getAvailableModels(): string[] {
   return Object.keys(modelTableMap)
 }
 
-/**
- * Gets the hidden fields for a model
- * @param modelName - The name of the model
- * @returns Array of field names that should be hidden
- */
 export function getHiddenFields(modelName: string): string[] {
-  // Check if custom hidden fields are defined for this model
-  if (customHiddenFields[modelName]) {
-    return customHiddenFields[modelName]
-  }
-
-  return HIDDEN_FIELDS
+  return customHiddenFields[modelName] ?? HIDDEN_FIELDS
 }
 
-/**
- * Gets the public columns for a model
- * @param modelName - The name of the model
- * @returns Array of field names that are public (or undefined if all are public)
- */
 export function getPublicColumns(modelName: string): string[] | undefined {
   const { resources } = useRuntimeConfig().autoCrud
-  // Runtime config structure now matches simple key-value
   return resources?.[modelName]
 }
 
 /**
- * Filters an object to only include public columns (if configured)
- * @param modelName - The name of the model
- * @param data - The data object to filter
- * @returns Filtered object
+ * Restricts payload to runtimeConfig resource whitelist and filters hidden fields.
  */
 export function filterPublicColumns(modelName: string, data: Record<string, unknown>): Record<string, unknown> {
   const publicColumns = getPublicColumns(modelName)
 
-  // If no public columns configured, return all (except hidden)
   if (!publicColumns) {
     return filterHiddenFields(modelName, data)
   }
 
   const filtered: Record<string, unknown> = {}
+  const hidden = getHiddenFields(modelName)
 
   for (const [key, value] of Object.entries(data)) {
-    // Must be in publicColumns AND not in hidden fields (double safety)
-    if (publicColumns.includes(key) && !getHiddenFields(modelName).includes(key)) {
+    if (publicColumns.includes(key) && !hidden.includes(key)) {
       filtered[key] = value
     }
   }
@@ -243,12 +152,6 @@ export function filterPublicColumns(modelName: string, data: Record<string, unkn
   return filtered
 }
 
-/**
- * Filters an object to exclude hidden fields
- * @param modelName - The name of the model
- * @param data - The data object to filter
- * @returns Filtered object without hidden fields
- */
 export function filterHiddenFields(modelName: string, data: Record<string, unknown>): Record<string, unknown> {
   const hiddenFields = getHiddenFields(modelName)
   const filtered: Record<string, unknown> = {}
@@ -261,3 +164,34 @@ export function filterHiddenFields(modelName: string, data: Record<string, unkno
 
   return filtered
 }
+
+/**
+ * Generates Zod schema via drizzle-zod, omitting server-managed and protected fields.
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export function getZodSchema(modelName: string, type: 'insert' | 'patch' = 'insert'): z.ZodObject<any, any> {
+  const table = getTableForModel(modelName)
+  const schema = createInsertSchema(table)
+
+  if (type === 'patch') {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    return schema.partial() as z.ZodObject<any, any>
+  }
+
+  const OMIT_ON_CREATE = [
+    ...PROTECTED_FIELDS,
+    ...HIDDEN_FIELDS,
+  ]
+
+  const columns = getDrizzleTableColumns(table)
+  const fieldsToOmit: Record<string, true> = {}
+
+  OMIT_ON_CREATE.forEach((field) => {
+    if (columns[field]) {
+      fieldsToOmit[field] = true
+    }
+  })
+
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  return (schema as any).omit(fieldsToOmit)
+}

package/src/runtime/server/utils/schema.ts

@@ -30,6 +30,13 @@ export function drizzleTableToFields(table: any, resourceName: string) {
     })
   }
 
+  // Clifland Heuristic: Auto-detect the primary label for the resource
+  const fieldNames = fields.map(f => f.name)
+  const labelField = fieldNames.find(n => n === 'name')
+    || fieldNames.find(n => n === 'title')
+    || fieldNames.find(n => n === 'email')
+    || 'id'
+
   try {
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     const config = getTableConfig(table as any)
@@ -57,6 +64,7 @@ export function drizzleTableToFields(table: any, resourceName: string) {
 
   return {
     resource: resourceName,
+    labelField, // metadata point
     fields,
   }
 }