odac 1.4.1 → 1.4.3

package/docs/ai/skills/backend/validation.md

@@ -1,60 +1,160 @@
 ---
 name: backend-validation-skill
-description: Fluent ODAC validation strategies for input hardening, brute-force protection, and standardized error responses.
+description: Detailed ODAC Validator usage for request validation, security checks, brute-force protection, and consistent API responses.
 metadata:
   tags: backend, validation, fluent-api, input-security, brute-force, error-handling
 ---
 
 # Backend Validation Skill
 
-The `Validator` service provides a fluent, chainable API for securing user input and enforcing business rules.
-
-## Architectural Approach
-Validation should happen as early as possible in the request lifecycle. The `Validator` service handles automatic error formatting and frontend integration.
+ODAC validation should be centralized with the fluent `Validator` API and returned in framework-standard result format.
 
 ## Core Rules
-1.  **Chaining**: Use the fluent API: `.post(key).check(rules).message(msg)`.
-2.  **Brute Force**: Protect sensitive endpoints with `.brute(attempts)`.
-3.  **Automatic Errors**: Use `await validator.error()` to check status and `await validator.result()` to return standardized JSON.
-4.  **Inverse Rules**: Use `!` to invert any rule (e.g., `!required`).
+1.  **Create validator per request**: Use `const validator = Odac.validator()`.
+2.  **Fail fast**: Run all checks, then immediately return on `await validator.error()`.
+3.  **Field-first messages**: Assign a specific `.message(...)` per check chain.
+4.  **Use standard result shape**: Return `await validator.result('Validation failed')` for errors.
+5.  **Protect sensitive flows**: Add `await validator.brute(n)` on login/reset/auth endpoints.
+
+## Minimal Flow
+```javascript
+module.exports = async Odac => {
+  const validator = Odac.validator()
+
+  validator.post('email').check('required|email').message('Valid email required')
+  validator.post('password').check('required|minlen:8').message('Password must be at least 8 characters')
+
+  if (await validator.error()) {
+    await validator.brute(5)
+    return await validator.result('Validation failed')
+  }
+
+  return await validator.success({ok: true})
+}
+```
+
+## API Surface
+- `post(key)`: Validate POST payload field.
+- `get(key)`: Validate querystring field.
+- `var(name, value)`: Validate computed/custom value.
+- `file(name)`: Validate uploaded file object.
+- `check(rules | boolean)`: Apply pipe rules or direct boolean validation.
+- `message(text)`: Set message for the latest check on current field.
+- `error()`: Runs validation and returns `true` if any error exists.
+- `result(message?, data?)`: Returns ODAC-standard response object.
+- `success(dataOrMessage?)`: Convenience wrapper for success payload.
+- `brute(maxAttempts = 5)`: Tracks failed attempts per hour/page/ip.
+
+## Rule Catalog
+
+### Type & format rules
+- `required`, `accepted`
+- `numeric`, `float`
+- `alpha`, `alphaspace`, `alphanumeric`, `alphanumericspace`, `username`
+- `email`, `ip`, `mac`, `domain`, `url`
+- `array`, `date`, `xss`
+
+### Length & value rules
+- `len:X`, `minlen:X`, `maxlen:X`
+- `min:X`, `max:X`
+- `equal:value`, `not:value`
+- `same:field`, `different:field`
+
+### String/date matching rules
+- `in:substring`, `notin:substring`
+- `regex:pattern`
+- `mindate:YYYY-MM-DD`, `maxdate:YYYY-MM-DD`
+
+### Auth/security rules
+- `usercheck`: Must be authenticated.
+- `user:field`: Input must match authenticated user field.
+- `disposable`: Email must be disposable.
+- `!disposable`: Email must not be disposable.
+
+### Inverse rules
+- Prefix any rule with `!` to invert: `!required`, `!email`, `!equal:admin`.
 
 ## Reference Patterns
 
-### 1. Standard Validation Chaining
+### 1) Multi-check per field with specific errors
 ```javascript
-module.exports = async function (Odac) {
-  const validator = Odac.Validator;
+module.exports = async Odac => {
+  const validator = Odac.validator()
 
   validator
-    .post('email').check('required|email').message('Valid email required')
-    .post('password').check('required|minlen:8').message('Password too short');
+    .post('password')
+    .check('required').message('Password is required')
+    .check('minlen:8').message('Minimum 8 characters')
+    .check('regex:[A-Z]').message('At least one uppercase letter')
+    .check('regex:[0-9]').message('At least one number')
 
   if (await validator.error()) {
-    return validator.result('Please fix input errors');
+    return await validator.result('Please fix input errors')
   }
 
-  // Proceed with validated data
-  return validator.success('Success');
-};
+  return await validator.success('Success')
+}
+```
+
+### 2) GET + POST + VAR together
+```javascript
+module.exports = async Odac => {
+  const validator = Odac.validator()
+  const plan = await Odac.request('plan')
+
+  validator.get('page').check('numeric|min:1').message('Invalid page')
+  validator.post('email').check('required|email|!disposable').message('Corporate email required')
+  validator.var('plan', plan).check('in:pro').message('Only pro plan is allowed')
+
+  if (await validator.error()) return await validator.result('Validation failed')
+  return await validator.success({ok: true})
+}
 ```
 
-### 2. Custom Variable and Security Validation
+### 3) Boolean check for business rules
 ```javascript
-validator.var('age', userAge).check('numeric|min:18').message('Must be 18+');
+module.exports = async Odac => {
+  const validator = Odac.validator()
+  const canPublish = await somePermissionCheck(Odac)
+
+  validator.post('title').check('required').message('Title required')
+  validator.var('permission', null).check(canPublish).message('No publish permission')
+
+  if (await validator.error()) return await validator.result('Validation failed')
+  return await validator.success('Published')
+}
+```
+
+### 4) Brute-force on auth endpoint
+```javascript
+module.exports = async Odac => {
+  const validator = Odac.validator()
+
+  validator.post('email').check('required|email').message('Email required')
+  validator.post('password').check('required').message('Password required')
+
+  if (await validator.error()) {
+    await validator.brute(5)
+    return await validator.result('Login failed')
+  }
 
-// Security checks
-validator.post('bio').check('xss').message('Malicious HTML detected');
-validator.var('auth', null).check('usercheck').message('Authentication required');
+  return await validator.success('OK')
+}
 ```
 
-### 3. Common Rules Reference
--   `required`, `email`, `numeric`, `username`, `url`, `ip`, `json`.
--   `len:X`, `minlen:X`, `maxlen:X`.
--   `mindate:YYYY-MM-DD`, `maxdate:YYYY-MM-DD`.
--   `regex:pattern`, `same:field`, `different:field`.
--   `!disposable`: Blocks temporary email providers.
+## Response Contract
+- **Success**:
+  - `result.success: true`
+  - optional `result.message`
+  - optional `data`
+- **Failure**:
+  - `result.success: false`
+  - `errors.{field}` map
+  - global errors may use `errors._odac_form`
 
 ## Best Practices
--   **Specific Messages**: Provide helpful error messages that guide the user.
--   **Security First**: Use the `xss` rule for any user-generated content that will be rendered later.
--   **Fail Fast**: Return the validation result immediately if `validator.error()` is true.
+- Keep validation at route/controller entry; do not defer to deep service layers.
+- Use separate `check()` calls when you need rule-specific messages.
+- Prefer `var()` for derived values instead of re-reading mutable request state.
+- Use `xss` for text fields that can later be rendered in HTML.
+- Always combine auth endpoints with `brute()` to reduce credential-stuffing risk.

package/docs/ai/skills/frontend/forms.md

@@ -1,28 +1,56 @@
 ---
 name: frontend-forms-api-skill
-description: AJAX form and API request patterns in odac.js for interactive UX and predictable frontend data flows.
+description: odac.js form submission patterns for parser-generated ODAC forms and predictable AJAX request handling.
 metadata:
-  tags: frontend, forms, ajax, api-requests, odac-get, odac-post
+  tags: frontend, forms, ajax, odac-form, register, login, magic-login
 ---
 
 # Frontend Forms & API Skill
 
-Handling AJAX form submissions and API requests.
+Handling ODAC AJAX form submissions generated from server-side form parsing.
 
 ## Rules
-1.  **Forms**: Use `odac.form('#id', callback)` for AJAX submission.
-2.  **Requests**: Use `odac.get()` and `odac.post()` for manual requests.
-3.  **Realtime**: Handle WebSocket events using Hub structures in `Odac.action()`.
+1.  **Bind by form selector**: Use `Odac.form({ form: 'selector' }, callback)` or short form `Odac.form('selector', callback)`.
+2.  **Leverage parser-generated forms**: `odac-register`, `odac-login`, `odac-magic-login`, and `odac-custom-form` are all auto-bound on page load and after every AJAX navigation.
+3.  **Expect JSON result shape**: Handle `result.success`, `result.message`, `result.redirect`, and `errors` in callback.
+4.  **Message/clear control**: Use `messages` and `clear` options for UX behavior.
 
 ## Patterns
 ```javascript
-// Form with automatic validation feedback
-odac.form('#my-form', (res) => {
-  if(res.success) odac.visit('/done');
-});
-
-// Simple API Check
-odac.get('/api/status', (data) => {
-  console.log('Status:', data);
-});
+// 1) Bind a parsed custom form
+Odac.form('form[data-odac-form]')
+
+// 2) Bind parsed register/login forms explicitly (optional)
+Odac.form('form[data-odac-register]')
+Odac.form('form[data-odac-login]')
+
+// 3) Bind parsed magic-login form manually
+Odac.form('form[data-odac-magic-login]', response => {
+  if (response?.result?.success && !response.result.redirect) {
+    const info = document.querySelector('[data-status]')
+    if (info) info.textContent = response.result.message
+  }
+})
+
+// 4) Advanced options: disable auto clear and hide success messages
+Odac.form(
+  {form: 'form[data-odac-form]', clear: false, messages: ['error']},
+  response => {
+    if (response?.result?.success && response.result.redirect) {
+      window.location.href = response.result.redirect
+    }
+  }
+)
+
+// 5) Manual GET request helper
+Odac.get('/api/status', data => {
+  const status = document.querySelector('[data-api-status]')
+  if (status) status.textContent = String(data?.status ?? '')
+})
 ```
+
+## Response Handling Contract
+- **Success**: `response.result.success === true`
+- **Redirect**: `response.result.redirect` exists when server wants navigation
+- **Form errors**: `response.errors.{fieldName}` maps to `odac-form-error="fieldName"`
+- **Global form error**: `response.errors._odac_form`

package/docs/backend/08-database/02-basics.md

@@ -118,19 +118,59 @@ await Odac.DB.users.where('id', 1).delete();
 
 ODAC includes a built-in helper for generating robust, unique string IDs (NanoID) without needing external packages. Secure, URL-friendly, and collision-resistant.
 
+### Automatic Generation (Recommended)
+
+When you define a column as `type: 'nanoid'` in your schema file, ODAC **automatically generates** the ID on every `insert()` — no manual code needed.
+
+**Schema definition:**
 ```javascript
-// Generate a standard 21-character ID (e.g., "V1StGXR8_Z5jdHi6B-myT")
-const id = Odac.DB.nanoid();
+// schema/posts.js
+module.exports = {
+  columns: {
+    id: { type: 'nanoid', primary: true },
+    title: { type: 'string', length: 255 }
+  }
+}
+```
 
-// Generate a custom length ID
-const shortId = Odac.DB.nanoid(10);
+**Usage — just insert, the ID is auto-generated:**
+```javascript
+await Odac.DB.posts.insert({ title: 'My First Post' });
+// → { id: 'V1StGXR8Z5jdHi6BmyTa', title: 'My First Post' }
 ```
 
-This is particularly useful when inserting records into tables that use string-based Primary Keys instead of auto-increment integers.
+This works for single inserts and bulk inserts. If you provide an `id` explicitly, the auto-generation is skipped.
 
 ```javascript
-await Odac.DB.posts.insert({
-    id: Odac.DB.nanoid(),
-    title: 'My First Post'
-});
+// Bulk insert — each row gets its own unique nanoid
+await Odac.DB.posts.insert([
+    { title: 'Post A' },
+    { title: 'Post B' }
+]);
+
+// Explicit ID — auto-generation is skipped
+await Odac.DB.posts.insert({ id: 'my-custom-id', title: 'Custom' });
+```
+
+You can also customize the ID length:
+```javascript
+// schema/codes.js
+module.exports = {
+  columns: {
+    code: { type: 'nanoid', length: 8, primary: true },
+    label: { type: 'string' }
+  }
+}
+```
+
+### Manual Generation
+
+You can also generate NanoIDs manually when needed:
+
+```javascript
+// Generate a standard 21-character ID
+const id = Odac.DB.nanoid();
+
+// Generate a custom length ID
+const shortId = Odac.DB.nanoid(10);
 ```

package/docs/backend/08-database/04-migrations.md

@@ -91,6 +91,7 @@ npx odac migrate
 |------|-------|---------|
 | `increments` | Auto-increment primary key | — |
 | `bigIncrements` | Big auto-increment | — |
+| `nanoid` | NanoID string key (auto-generated on insert) | `length` (default: 21) |
 | `integer` | Integer | `unsigned` |
 | `bigInteger` | Big integer | `unsigned` |
 | `float` | Floating point | `precision`, `scale` |

package/package.json

@@ -7,7 +7,7 @@
     "email": "mail@emre.red",
     "url": "https://emre.red"
   },
-  "version": "1.4.1",
+  "version": "1.4.3",
   "license": "MIT",
   "engines": {
     "node": ">=18.0.0"

package/src/Auth.js

@@ -143,9 +143,22 @@ class Auth {
       let triggerRotation = false
       let isRecoveryRotation = false
 
+      // WebSocket connections (res === null) cannot deliver Set-Cookie headers.
+      // Rotating a token during a WS upgrade would invalidate the browser's cookies
+      // with no way to deliver replacements, causing silent logout on the next HTTP request.
+      const canDeliverCookies = !!this.#request.res
+
       if (!isRotated) {
         if (shouldRotate && tokenAge > rotationAge) {
-          triggerRotation = true
+          if (canDeliverCookies) {
+            triggerRotation = true
+          } else {
+            // WebSocket: Can't deliver rotated cookies, refresh active timestamp instead
+            Odac.DB[tokenTable]
+              .where('id', sql_token[0].id)
+              .update({active: new Date()})
+              .catch(() => {})
+          }
         } else if (inactiveAge > updateAge) {
           // Fallback simple active update if rotation is not triggered
           Odac.DB[tokenTable]
@@ -158,7 +171,7 @@ class Auth {
         // This means the previous rotation response was lost (network hiccup, page navigation, etc.)
         // Give the client one more chance by re-issuing new credentials.
         const timeSinceRotation = inactiveAge - maxAge + TOKEN_ROTATION_GRACE_PERIOD_MS
-        if (timeSinceRotation > 5000) {
+        if (timeSinceRotation > 5000 && canDeliverCookies) {
           triggerRotation = true
           isRecoveryRotation = true
         }

package/src/Database/ConnectionFactory.js

@@ -57,6 +57,7 @@ function buildConnections(databaseConfig) {
       pool: {min: 0, max: db.connectionLimit || 10},
       useNullAsDefault: true
     })
+    connections[key]._odacConnectionKey = key
   }
 
   return connections

package/src/Database/Migration.js

@@ -2,6 +2,7 @@
 
 const fs = require('node:fs')
 const path = require('node:path')
+const nanoid = require('./nanoid')
 
 /**
  * ODAC Migration Engine — "Schema-First with Auto-Diff"
@@ -213,7 +214,8 @@ class Migration {
 
     for (const [colName, colDef] of Object.entries(columns)) {
       if (!colDef.unique) continue
-      if (colDef.type === 'timestamps' || colDef.type === 'increments' || colDef.type === 'bigIncrements') continue
+      if (colDef.type === 'timestamps' || colDef.type === 'increments' || colDef.type === 'bigIncrements' || colDef.type === 'nanoid')
+        continue
 
       const implicitIdx = {columns: [colName], unique: true}
       const sig = this._indexSignature(implicitIdx)
@@ -678,6 +680,8 @@ class Migration {
         return table.json(colName)
       case 'jsonb':
         return table.jsonb(colName)
+      case 'nanoid':
+        return table.string(colName, def.length || 21)
       case 'uuid':
         return table.uuid(colName)
       case 'enum':
@@ -905,6 +909,9 @@ class Migration {
         const existing = await knex(tableName).where(seedKey, keyValue).first()
 
         if (!existing) {
+          // Auto-generate nanoid for columns with type 'nanoid' that are missing from seed data
+          this._fillNanoidColumns(preparedRow, schema)
+
           if (!dryRun) {
             await knex(tableName).insert(preparedRow)
           }
@@ -1198,6 +1205,24 @@ class Migration {
       table.index(['connection', 'type'])
     })
   }
+
+  /**
+   * Populates missing nanoid columns in a data row before insertion.
+   * Why: Zero-config DX — developers should not manually call nanoid() for every insert.
+   * When a schema defines a column as type 'nanoid', the framework auto-generates
+   * the value if the caller did not provide one.
+   * @param {object} row - Data row to mutate in-place
+   * @param {object} schema - Table schema definition
+   */
+  _fillNanoidColumns(row, schema) {
+    const columns = schema.columns || {}
+
+    for (const [colName, colDef] of Object.entries(columns)) {
+      if (colDef.type === 'nanoid' && !row[colName]) {
+        row[colName] = nanoid(colDef.length || 21)
+      }
+    }
+  }
 }
 
 module.exports = new Migration()

package/src/Database/nanoid.js

@@ -0,0 +1,30 @@
+'use strict'
+
+const nodeCrypto = require('node:crypto')
+
+const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
+
+/**
+ * Generates a cryptographically secure, URL-safe alphanumeric NanoID.
+ * Why: Centralized implementation shared by Database.js and Migration.js
+ * to avoid code duplication. Uses rejection sampling on crypto.randomBytes
+ * for uniform distribution across a 62-character alphabet.
+ * @param {number} size - Desired ID length (default: 21)
+ * @returns {string} URL-safe alphanumeric ID
+ */
+function nanoid(size = 21) {
+  let id = ''
+  while (id.length < size) {
+    const bytes = nodeCrypto.randomBytes(size + 5)
+    for (let i = 0; i < bytes.length; i++) {
+      const byte = bytes[i] & 63
+      if (byte < 62) {
+        id += ALPHABET[byte]
+        if (id.length === size) break
+      }
+    }
+  }
+  return id
+}
+
+module.exports = nanoid

package/src/Database.js

@@ -1,9 +1,12 @@
 'use strict'
 const {buildConnections} = require('./Database/ConnectionFactory')
+const nanoid = require('./Database/nanoid')
 
 class DatabaseManager {
   constructor() {
     this.connections = {}
+    /** @type {Object<string, Object<string, Array<{column: string, size: number}>>>} connectionKey -> tableName -> nanoid columns */
+    this._nanoidColumns = {}
   }
 
   async init() {
@@ -24,6 +27,10 @@ class DatabaseManager {
     // Auto-migrate: sync schema/ files with the database on every startup.
     // Why: Zero-config philosophy — deploy and forget. The app always starts with the correct DB state.
     await this._autoMigrate()
+
+    // Cache nanoid column metadata from schema files for insert-time auto-generation.
+    // Runs on ALL processes (primary + workers) since every process may insert data.
+    this._loadNanoidMeta()
   }
 
   /**
@@ -54,21 +61,92 @@ class DatabaseManager {
     }
   }
 
+  /**
+   * Gracefully destroys all active database connections.
+   * Called during shutdown to release connection pools and prevent resource leaks.
+   */
+  async close() {
+    const entries = Object.entries(this.connections)
+    if (entries.length === 0) return
+
+    await Promise.allSettled(
+      entries.map(([name, knex]) =>
+        knex.destroy().catch(err => {
+          console.error(`\x1b[31m[Database]\x1b[0m Failed to close '${name}' connection:`, err.message)
+        })
+      )
+    )
+    this.connections = {}
+  }
+
   nanoid(size = 21) {
-    const nodeCrypto = require('crypto')
-    const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
-    let id = ''
-    while (id.length < size) {
-      const bytes = nodeCrypto.randomBytes(size + 5)
-      for (let i = 0; i < bytes.length; i++) {
-        const byte = bytes[i] & 63
-        if (byte < 62) {
-          id += alphabet[byte]
-          if (id.length === size) break
+    return nanoid(size)
+  }
+
+  /**
+   * Scans schema/ directory and caches which columns are type 'nanoid' per table.
+   * Why: The insert() proxy needs O(1) lookup to auto-generate IDs at runtime.
+   * Lightweight — only reads file metadata, no DB introspection.
+   */
+  _loadNanoidMeta() {
+    const fs = require('node:fs')
+    const path = require('node:path')
+    const Module = require('node:module')
+
+    if (!global.__dir) return
+    const schemaDir = path.join(global.__dir, 'schema')
+    if (!fs.existsSync(schemaDir)) return
+
+    const loadDir = (dir, connectionKey) => {
+      if (!this._nanoidColumns[connectionKey]) {
+        this._nanoidColumns[connectionKey] = {}
+      }
+
+      const files = fs.readdirSync(dir).filter(f => f.endsWith('.js') && fs.statSync(path.join(dir, f)).isFile())
+
+      for (const file of files) {
+        const filePath = path.join(dir, file)
+        const tableName = path.basename(file, '.js')
+
+        try {
+          const source = fs.readFileSync(filePath, 'utf8')
+          const m = new Module(filePath)
+          m.filename = filePath
+          m.paths = Module._nodeModulePaths(path.dirname(filePath))
+          m._compile(source, filePath)
+          const schema = m.exports
+
+          if (!schema?.columns) continue
+
+          const nanoidCols = []
+          for (const [colName, colDef] of Object.entries(schema.columns)) {
+            if (colDef.type === 'nanoid') {
+              nanoidCols.push({column: colName, size: colDef.length || 21})
+            }
+          }
+
+          if (nanoidCols.length > 0) {
+            this._nanoidColumns[connectionKey][tableName] = nanoidCols
+          }
+        } catch (e) {
+          // Schema file parse error — skip silently, Migration will report it
+          if (global.Odac?.Config?.debug) {
+            console.warn(`\x1b[33m[ODAC NanoID Meta]\x1b[0m Failed to parse schema ${filePath}:`, e.message)
+          }
         }
       }
     }
-    return id
+
+    // Root-level files (default connection)
+    loadDir(schemaDir, 'default')
+
+    // Subdirectories (named connections)
+    const entries = fs.readdirSync(schemaDir, {withFileTypes: true})
+    for (const entry of entries) {
+      if (entry.isDirectory()) {
+        loadDir(path.join(schemaDir, entry.name), entry.name)
+      }
+    }
   }
 }
 
@@ -104,6 +182,28 @@ const tableProxyHandler = {
       return originalCount.apply(this, args)
     }
 
+    // Odac DX Improvement: Auto-generate NanoID for columns defined as type 'nanoid' in schema.
+    // Why: Zero-config ID generation — no manual Odac.DB.nanoid() calls needed.
+    const connectionKey = knexInstance._odacConnectionKey || 'default'
+    const nanoidCols = manager._nanoidColumns[connectionKey]?.[prop]
+    if (nanoidCols) {
+      const originalInsert = qb.insert
+      qb.insert = function (data, ...args) {
+        if (Array.isArray(data)) {
+          for (const row of data) {
+            for (const {column, size} of nanoidCols) {
+              if (!row[column]) row[column] = manager.nanoid(size)
+            }
+          }
+        } else if (data && typeof data === 'object') {
+          for (const {column, size} of nanoidCols) {
+            if (!data[column]) data[column] = manager.nanoid(size)
+          }
+        }
+        return originalInsert.call(this, data, ...args)
+      }
+    }
+
     const originalThen = qb.then
     qb.then = function (resolve, reject) {
       if (this._odacIsCount) {
@@ -152,7 +252,10 @@ const rootProxy = new Proxy(manager, {
   get(target, prop) {
     // Access to internal manager methods
     if (prop === 'init') return target.init.bind(target)
+    if (prop === 'close') return target.close.bind(target)
     if (prop === 'connections') return target.connections
+    if (prop === '_nanoidColumns') return target._nanoidColumns
+    if (prop === '_loadNanoidMeta') return target._loadNanoidMeta.bind(target)
 
     // Access to specific database connection: Odac.DB.analytics
     if (target.connections[prop]) {
@@ -182,6 +285,14 @@ const rootProxy = new Proxy(manager, {
     }
 
     return undefined
+  },
+
+  set(target, prop, value) {
+    if (prop === 'connections' || prop === '_nanoidColumns') {
+      target[prop] = value
+      return true
+    }
+    return false
   }
 })