prostgles-server 4.2.191 → 4.2.193

package/lib/runClientRequest.ts

@@ -1,31 +1,20 @@
-import { AnyObject, TableHandler, UserLike, getKeys, pickKeys } from "prostgles-types";
-import { ExpressReq } from "./Auth/AuthTypes";
-import { LocalParams, PRGLIOSocket } from "./DboBuilder/DboBuilder";
+import {
+  AnyObject,
+  SQLOptions,
+  SQLRequest,
+  TableHandler,
+  UserLike,
+  getKeys,
+  pickKeys,
+} from "prostgles-types";
+import { AuthClientRequest } from "./Auth/AuthTypes";
+import { LocalParams } from "./DboBuilder/DboBuilder";
+import { TableHandler as TableHandlerServer } from "./DboBuilder/TableHandler/TableHandler";
 import { parseFieldFilter } from "./DboBuilder/ViewHandler/parseFieldFilter";
 import { canRunSQL } from "./DboBuilder/runSQL";
 import { Prostgles } from "./Prostgles";
-import { TableHandler as TableHandlerServer } from "./DboBuilder/TableHandler/TableHandler";
 import { TableRule } from "./PublishParser/publishTypesAndUtils";
 
-type ReqInfo =
-  | {
-      type: "socket";
-      socket: PRGLIOSocket;
-      httpReq?: undefined;
-    }
-  | {
-      type: "http";
-      httpReq: ExpressReq;
-      socket?: undefined;
-    };
-type ReqInfoClient =
-  | {
-      socket: PRGLIOSocket;
-    }
-  | {
-      httpReq: ExpressReq;
-    };
-
 const TABLE_METHODS = {
   find: 1,
   findOne: 1,
@@ -50,7 +39,7 @@ const SOCKET_ONLY_COMMANDS = [
   "sync",
 ] as const satisfies typeof TABLE_METHODS_KEYS;
 
-type Args = ReqInfo & {
+type Args = {
   tableName: string;
   command: string;
   param1: any;
@@ -58,13 +47,6 @@ type Args = ReqInfo & {
   param3: any;
 };
 
-const getReqInfoClient = (reqInfo: ReqInfo): ReqInfoClient => {
-  if (reqInfo.type === "socket") {
-    return { socket: reqInfo.socket };
-  }
-  return { httpReq: reqInfo.httpReq };
-};
-
 type TableMethodFunctionWithRulesAndLocalParams = (
   arg1: any,
   arg2: any,
@@ -73,17 +55,13 @@ type TableMethodFunctionWithRulesAndLocalParams = (
   localParams: LocalParams
 ) => any;
 
-export const runClientRequest = async function (this: Prostgles, args: Args) {
+export const runClientRequest = async function (
+  this: Prostgles,
+  args: Args,
+  clientReq: AuthClientRequest
+) {
   /* Channel name will only include client-sent params so we ignore table_rules enforced params */
-  if (
-    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
-    (args.type === "socket" && !args.socket) ||
-    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
-    (args.type === "http" && !args.httpReq) ||
-    // !this.authHandler ||
-    !this.publishParser ||
-    !this.dbo
-  ) {
+  if (!this.publishParser || !this.dbo) {
     throw "socket/httpReq or authhandler missing";
   }
 
@@ -92,17 +70,16 @@ export const runClientRequest = async function (this: Prostgles, args: Args) {
     throw `Invalid command: ${nonValidatedCommand}. Expecting one of: ${TABLE_METHODS_KEYS};`;
   }
   const command = nonValidatedCommand as keyof TableHandler;
-  if (args.type !== "socket" && SOCKET_ONLY_COMMANDS.some((v) => v === command)) {
+  if (!clientReq.socket && SOCKET_ONLY_COMMANDS.some((v) => v === command)) {
     throw (
       "The following commands cannot be completed over a non-websocket connection: " +
       SOCKET_ONLY_COMMANDS
     );
   }
 
-  const reqInfo = getReqInfoClient(args);
-  const clientInfo = await this.authHandler?.getClientInfo(args);
+  const clientInfo = await this.authHandler?.getUserFromRequest(clientReq);
   const validRules = await this.publishParser.getValidatedRequestRule(
-    { tableName, command, localParams: reqInfo },
+    { tableName, command, clientReq },
     clientInfo
   );
 
@@ -123,11 +100,11 @@ export const runClientRequest = async function (this: Prostgles, args: Args) {
         ...(pickKeys(clientInfo.user, ["id", "type"]) as UserLike),
       };
   const localParams: LocalParams = {
-    ...reqInfo,
+    clientReq,
     isRemoteRequest: { user: sessionUser },
   };
   if (param3 && (param3 as LocalParams).returnQuery) {
-    const isAllowed = await canRunSQL(this, localParams);
+    const isAllowed = await canRunSQL(this, clientReq);
     if (isAllowed) {
       localParams.returnQuery = (param3 as LocalParams).returnQuery;
     } else {
@@ -156,47 +133,54 @@ export const runClientRequest = async function (this: Prostgles, args: Args) {
   // return result;
 };
 
-export const clientCanRunSqlRequest = async function (this: Prostgles, args: ReqInfo) {
-  const reqInfo = getReqInfoClient(args);
+// const getReqInfoClient = <A extends AuthClientRequest>(args: A): AuthClientRequest =>
+//   args.httpReq ? { res: args.res, httpReq: args.httpReq } : { socket: args.socket };
+
+export const clientCanRunSqlRequest = async function (
+  this: Prostgles,
+  clientReq: AuthClientRequest
+) {
   if (!this.opts.publishRawSQL || typeof this.opts.publishRawSQL !== "function") {
-    return { allowed: false, reqInfo };
+    return { allowed: false, clientReq };
   }
   const canRunSQL = async () => {
     if (!this.authHandler) {
       throw "authHandler missing";
     }
-    const publishParams = await this.publishParser?.getPublishParams(reqInfo);
-    const res = await this.opts.publishRawSQL?.(publishParams as any);
+    const publishParams = await this.publishParser?.getPublishParams(clientReq);
+    const res = publishParams && (await this.opts.publishRawSQL?.(publishParams));
     return Boolean((res && typeof res === "boolean") || res === "*");
   };
 
   const allowed = await canRunSQL();
-  return { allowed, reqInfo };
+  return { allowed, reqInfo: clientReq };
 };
 
-type ArgsSql = ReqInfo & {
-  query: string;
-  args?: AnyObject | any[];
-  options?: any;
-};
-export const runClientSqlRequest = async function (this: Prostgles, params: ArgsSql) {
-  const { allowed, reqInfo } = await clientCanRunSqlRequest.bind(this)(params);
+export const runClientSqlRequest = async function (
+  this: Prostgles,
+  reqData: SQLRequest,
+  clientReq: AuthClientRequest
+) {
+  const { allowed } = await clientCanRunSqlRequest.bind(this)(clientReq);
   if (!allowed) {
     throw "Not allowed to execute sql";
   }
   if (!this.dbo?.sql) throw "Internal error: sql handler missing";
-  const { query, args, options } = params;
-  return this.dbo.sql(query, args, options, reqInfo);
+  const { query, params, options } = reqData;
+  return this.dbo.sql(query, params, options, { clientReq });
 };
 
-type ArgsMethod = ReqInfo & {
+type ArgsMethod = {
   method: string;
   params?: any[];
 };
-export const runClientMethod = async function (this: Prostgles, reqArgs: ArgsMethod) {
-  const reqInfo = getReqInfoClient(reqArgs);
+export const runClientMethod = async function (
+  this: Prostgles,
+  reqArgs: ArgsMethod,
+  clientReq: AuthClientRequest
+) {
   const { method, params = [] } = reqArgs;
-  const methods = await this.publishParser?.getAllowedMethods(reqInfo);
+  const methods = await this.publishParser?.getAllowedMethods(clientReq, undefined);
 
   if (!methods || !methods[method]) {
     throw "Disallowed/missing method " + JSON.stringify(method);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prostgles-server",
-  "version": "4.2.191",
+  "version": "4.2.193",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -55,12 +55,12 @@
     "pg": "^8.11.5",
     "pg-cursor": "^2.11.0",
     "pg-promise": "^11.9.1",
-    "prostgles-types": "^4.0.130"
+    "prostgles-types": "^4.0.133"
   },
   "devDependencies": {
     "@types/express": "^4.17.21",
     "@types/json-schema": "^7.0.15",
-    "@types/node": "^22.8.1",
+    "@types/node": "^22.10.2",
     "@types/nodemailer": "^6.4.17",
     "@types/pg": "^8.11.5",
     "@types/pg-cursor": "^2.7.2",