prisma-generator-express 1.13.0 → 1.14.1

package/README.md

@@ -114,9 +114,10 @@ The library will create functions to generate routers per each model in schema.
 import express, { json } from 'express'
 import type { Response, Request, NextFunction, RequestHandler } from 'express'
 
-import { orderItemRouter } from '../prisma/generated/express/orderItem'
-import RouteConfig from '../prisma/generated/express/routeConfig'
 import { PrismaClient } from '../prisma/generated/client'
+import { UserAccountRouter } from '../prisma/generated/express/UserAccount'
+import { RouteConfig } from '~prisma/generated/express/routeConfig'
+import { UserAccountFindFirstSchema } from '../prisma/generated/prisma-zod-generator/schemas'
 
 const app = express()
 
@@ -132,28 +133,27 @@ const addPrisma: RequestHandler = (
   next: NextFunction,
 ) => {
   req.prisma = prisma
-  req.omitOutputValidation = true
+  // req.omitOutputValidation = true (not required if you use `select` instead of `include`)
   next()
 }
 
 /**
- * Before middleware to set a custom property on the request object.
- * Demonstrates how to add custom properties to the request object to be used in later middleware or route handlers.
+ * Run context-related operations or modify `req` properties to control the behavior of the route
  */
-const beforeFindMany: RequestHandler = (
+const beforeFindFirst: RequestHandler = (
   req: Request,
   res: Response,
   next: NextFunction,
 ) => {
-  ;(req as any).passToNext = true
+  req.passToNext = true
   next()
 }
 
 /**
- * After middleware placeholder for any post-processing after the main route handler.
- * This example just calls next() but can be extended to perform actions like logging or response modification.
+ * if `req.passToNext` is true, then the result of generated middleware
+ * will be available in req.locals?.data for modifications
  */
-const afterFindMany: RequestHandler = (
+const afterFindFirst: RequestHandler = (
   req: Request,
   res: Response,
   next: NextFunction,
@@ -162,17 +162,39 @@ const afterFindMany: RequestHandler = (
   next()
 }
 
+/**
+ * For generated route the middleware order will be as follows:
+ * 1. Query parser (kicks in for GET requests)
+ * 2. Custom middlewares: config.{method}.before[]
+ * 3. Input validator middleware (Optional): config.{method}.input
+ * 4. Generated middleware
+ * 5. Output validator middleware: config.{method}.input
+ * 6. Custom middlewares: config.{method}.after[] (not available if req.passToNext is falsy)
+ */
 const someRouterConfig: RouteConfig<RequestHandler> = {
-  findMany: {
-    before: [beforeFindMany],
-    after: [afterFindMany],
+  FindFirst: {
+    before: [beforeFindFirst],
+    after: [afterFindFirst],
+    input: {
+      schema: UserAccountFindFirstSchema, // make sure you set `isGenerateSelect = true` in prisma-zod-generator
+      allow: [
+        'select.id',
+        'select.full_name',
+        'select.emailAddress',
+        'select.orders[].ProductName',
+        'select.orders[].quantity',
+        'where.id',
+        'where.createdAt',
+      ],
+    },
   },
   addModelPrefix: true,
   enableAll: true,
   customUrlPrefix: '/v1',
 }
 
-app.use(addPrisma, orderItemRouter(someRouterConfig))
+app.use(addPrisma)
+app.use(UserAccountRouter(someRouterConfig))
 
 app.listen(3000, () => {
   console.log('Server is running on http://localhost:3000')
@@ -197,7 +219,7 @@ The following properties can be attached to the `req` object to control the beha
 | ------------ | -------- | ------------ |
 | `findUnique` | `GET`    | `/:id`       |
 | `findFirst`  | `GET`    | `/first`     |
-| `findMany`   | `GET`    | `/`          |
+| `FindFirst`  | `GET`    | `/`          |
 | `create`     | `POST`   | `/`          |
 | `createMany` | `POST`   | `/many`      |
 | `update`     | `PUT`    | `/`          |

package/dist/helpers/generateRouteFile.js

@@ -27,7 +27,7 @@ import { ${modelName}GroupBy } from './${modelName}GroupBy';
 import { createValidatorMiddleware, ValidatorOptions } from '../createValidatorMiddleware'
 import { createOutputValidatorMiddleware } from '../createOutputValidatorMiddleware'
 import { RouteConfig, ValidatorConfig } from '../routeConfig'
-import { parseQueryParams } from "../ParseQueryParams";
+import { parseQueryParams } from "../parseQueryParams";
 
 const defaultBeforeAfter = {
   before: [] as RequestHandler[],

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "prisma-generator-express",
   "description": "Prisma generator of Express CRUD API",
-  "version": "1.13.0",
+  "version": "1.14.1",
   "main": "dist/generator.js",
   "license": "MIT",
   "bin": {

package/src/copy/transformZod.spec.ts

@@ -30,8 +30,8 @@ describe('Cryptocurrency Schema Validation', () => {
   const allowedFields = [
     'wallet.id',
     'wallet.owner.name',
-    'transactions.amount',
-    'transactions.currency',
+    'transactions[].amount',
+    'transactions[].currency',
   ]
   const forbiddenFields = ['wallet.owner.age', 'transactions.details.fee']
 
@@ -225,9 +225,9 @@ describe('Cryptocurrency Schema Validation', () => {
       'wallet.id',
       'wallet.owner.name',
       'wallet.owner.age',
-      'transactions.amount',
-      'transactions.currency',
-      'transactions.details.fee',
+      'transactions[].amount',
+      'transactions[].currency',
+      'transactions[].details.fee',
     ]
 
     try {
@@ -553,4 +553,211 @@ describe('Cryptocurrency Schema Validation', () => {
       expect(error).toBeInstanceOf(ZodError)
     }
   })
+  describe('Prisma example', () => {
+    const inputData = {
+      select: {
+        id: true,
+        project_id: true,
+        list_id: true,
+        user_assignments: {
+          select: {
+            user: true,
+          },
+        },
+        tags_mappings: {
+          select: {
+            tag: true,
+          },
+        },
+        attachments: {
+          select: {
+            attachment: true,
+          },
+          where: {
+            is_image: true,
+          },
+          take: 100,
+          orderBy: {
+            created_at: 'desc',
+          },
+        },
+        rendered_description: true,
+        description: true,
+        created_at: true,
+        start_date: true,
+        reactions: true,
+        intervals: true,
+        column_id: true,
+        priority: true,
+        due_date: true,
+        column: true,
+        title: true,
+        order: true,
+        color: true,
+      },
+      where: {
+        id: 'task_id',
+        AND: [
+          {
+            OR: [{ to_delete: false }, { to_delete: null }],
+          },
+        ],
+      },
+    }
+    it('deep nesting', () => {
+      const taskSchema = z.object({
+        select: z
+          .object({
+            id: z.boolean().optional(),
+            project_id: z.boolean().optional(),
+            list_id: z.boolean().optional(),
+            user_assignments: z
+              .object({
+                select: z.object({
+                  user: z.boolean().optional(),
+                }),
+              })
+              .optional(),
+            tags_mappings: z
+              .object({
+                select: z.object({
+                  tag: z.boolean().optional(),
+                }),
+              })
+              .optional(),
+            attachments: z
+              .object({
+                select: z.object({
+                  attachment: z.boolean().optional(),
+                }),
+                where: z
+                  .object({
+                    is_image: z.boolean().optional(),
+                  })
+                  .optional(),
+                take: z.number().optional(),
+                orderBy: z
+                  .object({
+                    created_at: z.enum(['asc', 'desc']).optional(),
+                  })
+                  .optional(),
+              })
+              .optional(),
+            rendered_description: z.boolean().optional(),
+            description: z.boolean().optional(),
+            created_at: z.boolean().optional(),
+            start_date: z.boolean().optional(),
+            reactions: z.boolean().optional(),
+            intervals: z.boolean().optional(),
+            column_id: z.boolean().optional(),
+            priority: z.boolean().optional(),
+            due_date: z.boolean().optional(),
+            column: z.boolean().optional(),
+            title: z.boolean().optional(),
+            order: z.boolean().optional(),
+            color: z.boolean().optional(),
+          })
+          .optional(),
+        where: z
+          .object({
+            id: z.string().optional(),
+            AND: z
+              .array(
+                z.object({
+                  OR: z
+                    .array(
+                      z.object({
+                        to_delete: z.boolean().nullable().optional(),
+                      }),
+                    )
+                    .optional(),
+                }),
+              )
+              .optional(),
+          })
+          .optional(),
+      })
+
+      const allowedFields = [
+        'select.id',
+        'select.project_id',
+        'select.list_id',
+        'select.user_assignments.select.user',
+        'select.tags_mappings.select.tag',
+        'select.attachments.select.attachment',
+        'select.attachments.where.is_image',
+        'select.attachments.take',
+        'select.attachments.orderBy.created_at',
+        'select.rendered_description',
+        'select.description',
+        'select.created_at',
+        'select.start_date',
+        'select.reactions',
+        'select.intervals',
+        'select.column_id',
+        'select.priority',
+        'select.due_date',
+        'select.column',
+        'select.order',
+        'select.color',
+        'where.id',
+        'where.AND[].OR[].to_delete',
+      ]
+
+      try {
+        const result = allow(taskSchema, allowedFields).safeParse(inputData)
+        expect(result.success).toBe(false)
+      } catch (error) {
+        expect(error).toBeInstanceOf(ZodError)
+      }
+    })
+
+    it('deep nesting 2', () => {
+      const taskSchema = z.object({
+        where: z
+          .object({
+            id: z.string().optional(),
+            AND: z
+              .array(
+                z.object({
+                  OR: z
+                    .array(
+                      z.object({
+                        to_delete: z.boolean().nullable().optional(),
+                      }),
+                    )
+                    .optional(),
+                }),
+              )
+              .optional(),
+          })
+          .optional(),
+      })
+
+      const allowedFields = [
+        'select.id',
+        'select.project_id',
+        'select.list_id',
+        'select.user_assignments.select.user',
+        'select.tags_mappings.select.tag',
+        'select.attachments.select.attachment',
+        'select.attachments.where.is_image',
+        'select.attachments.take',
+        'select.attachments.orderBy.created_at',
+        'select.rendered_description',
+        'select.description',
+        'select.created_at',
+        'select.start_date',
+        'where.id',
+        'where.AND[].OR[].to_delete',
+      ]
+
+      try {
+        const result = allow(taskSchema, allowedFields).safeParse(inputData)
+        expect(result.success).toBe(false)
+      } catch (error) {
+        expect(error).toBeInstanceOf(ZodError)
+      }
+    })
+  })
 })

package/src/copy/transformZod.ts

@@ -9,39 +9,54 @@ import {
   ZodTypeAny,
 } from 'zod'
 
-export function allow<T extends z.ZodTypeAny>(
+function startsWith(str: string, prefix: string): boolean {
+  return str.slice(0, prefix.length) === prefix
+}
+
+function every<T>(
+  array: T[],
+  callback: (value: T, index: number, array: T[]) => boolean,
+): boolean {
+  for (let i = 0; i < array.length; i++) {
+    if (!callback(array[i], i, array)) {
+      return false
+    }
+  }
+  return true
+}
+
+function isKeyAllowed(key: string, allowedPaths: string[]): boolean {
+  return !every(
+    allowedPaths,
+    (path) =>
+      !startsWith(key.replace(/\[\d+\]/g, ''), path.replace(/\[\d+\]/g, '')) &&
+      !startsWith(path.replace(/\[\d+\]/g, ''), key.replace(/\[\d+\]/g, '')),
+  )
+}
+
+export function allow<T extends ZodTypeAny>(
   schema: T,
   allowedPaths: string[],
 ): ZodEffects<T, any, any> {
-  const rootSchema = schema instanceof z.ZodObject ? schema : undefined
+  const rootSchema = schema instanceof z.ZodObject ? schema.strict() : undefined
 
-  return schema.transform((data) => {
+  return rootSchema?.transform((data) => {
     const flatData = flattenObject(data, '', rootSchema)
+
     const disallowedPaths: string[] = []
 
     for (const key of Object.keys(flatData)) {
-      if (
-        allowedPaths.every(
-          (path) => !(key.startsWith(path) || path.startsWith(key)),
-        )
-      ) {
+      if (!isKeyAllowed(key, allowedPaths)) {
         disallowedPaths.push(key)
       }
     }
 
     if (disallowedPaths.length > 0) {
-      const errors: ZodIssue[] = []
-      for (const path of disallowedPaths) {
-        errors.push({
-          code: ZodIssueCode.custom,
-          message: `Field '${path}' is not allowed.`,
-          path: path.split('.'),
-        })
-      }
-      throw new ZodError(errors)
+      throw createZodErrorFromPaths(disallowedPaths, 'Field is not allowed:')
     }
+
     return data
-  }) as ZodEffects<T, any, any>
+  }) as unknown as ZodEffects<T, any, any>
 }
 
 export function forbid<T extends z.ZodTypeAny>(
@@ -60,30 +75,12 @@ export function forbid<T extends z.ZodTypeAny>(
     }
 
     if (forbiddenMatches.length > 0) {
-      const errors: ZodIssue[] = []
-      for (const path of forbiddenMatches) {
-        errors.push({
-          code: ZodIssueCode.custom,
-          message: `Field '${path}' is forbidden.`,
-          path: [path],
-        })
-      }
-      throw new ZodError(errors)
+      throw createZodErrorFromPaths(forbiddenMatches, 'Field is forbidden:')
     }
     return data
   }) as ZodEffects<T, any, any>
 }
 
-function isJsonLikeUnion(schemaPart: ZodTypeAny): boolean {
-  if (schemaPart instanceof z.ZodOptional) {
-    schemaPart = schemaPart.unwrap()
-  }
-  return (
-    schemaPart instanceof z.ZodUnion &&
-    schemaPart.options.some((option: ZodTypeAny) => option instanceof z.ZodLazy)
-  )
-}
-
 export function flattenObject(
   obj: Record<string, any>,
   prefix = '',
@@ -91,29 +88,53 @@ export function flattenObject(
 ): Record<string, any> {
   const result: Record<string, any> = {}
 
-  for (const key of Object.keys(obj)) {
-    const pre = prefix.length ? `${prefix}.` : ''
-    const currentSchema = schema?.shape[key]
-
-    if (currentSchema instanceof z.ZodOptional && obj[key] === undefined) {
-      continue
-    }
-
-    if (currentSchema && isJsonLikeUnion(currentSchema)) {
-      result[`${pre}${key}`] = obj[key]
-    } else if (
-      typeof obj[key] === 'object' &&
-      obj[key] !== null &&
-      currentSchema instanceof ZodObject
-    ) {
-      Object.assign(
-        result,
-        flattenObject(obj[key], `${pre}${key}`, currentSchema),
-      )
+  function flatten(current: any, prop: string, schema?: ZodObject<any>) {
+    if (Object(current) !== current) {
+      result[prop] = current
+    } else if (Array.isArray(current)) {
+      current.forEach((item, index) => {
+        flatten(item, `${prop}[]`, schema)
+      })
     } else {
-      result[`${pre}${key}`] = obj[key]
+      let isEmpty = true
+      for (const key in current) {
+        if (current.hasOwnProperty(key)) {
+          isEmpty = false
+          const currentSchema = schema?.shape[key]
+          if (
+            currentSchema instanceof z.ZodOptional &&
+            current[key] === undefined
+          ) {
+            continue
+          }
+          flatten(
+            current[key],
+            prop ? `${prop}.${key}` : key,
+            currentSchema instanceof ZodObject ? currentSchema : undefined,
+          )
+        }
+      }
+      if (isEmpty) {
+        result[prop] = {}
+      }
     }
   }
 
+  flatten(obj, prefix, schema)
   return result
 }
+
+function createZodErrorFromPaths(
+  disallowedPaths: string[],
+  errorMessage: string,
+): ZodError {
+  const errors: ZodIssue[] = []
+  for (const path of disallowedPaths) {
+    errors.push({
+      code: ZodIssueCode.custom,
+      message: `${errorMessage} '${path}'`,
+      path: path.split('.'),
+    })
+  }
+  return new ZodError(errors)
+}

package/src/helpers/generateRouteFile.ts

@@ -31,7 +31,7 @@ import { ${modelName}GroupBy } from './${modelName}GroupBy';
 import { createValidatorMiddleware, ValidatorOptions } from '../createValidatorMiddleware'
 import { createOutputValidatorMiddleware } from '../createOutputValidatorMiddleware'
 import { RouteConfig, ValidatorConfig } from '../routeConfig'
-import { parseQueryParams } from "../ParseQueryParams";
+import { parseQueryParams } from "../parseQueryParams";
 
 const defaultBeforeAfter = {
   before: [] as RequestHandler[],