prostgles-server 4.2.270 → 4.2.271

package/lib/Auth/getClientAuth.ts

@@ -14,10 +14,16 @@ export async function getClientAuth(
   clientReq: AuthClientRequest
 ): Promise<{ auth: AuthSocketSchema; userData: AuthResultWithSID }> {
   let pathGuard = false;
-  if (
-    this.opts.loginSignupConfig?.publicRoutes &&
-    !this.opts.loginSignupConfig.disableSocketAuthGuard
-  ) {
+  const {
+    loginWithOAuth,
+    signupWithEmail: signupWithEmailAndPassword,
+    localLoginMode,
+    login,
+    publicRoutes,
+    disableSocketAuthGuard,
+  } = this.opts.loginSignupConfig ?? {};
+
+  if (publicRoutes && !disableSocketAuthGuard) {
     pathGuard = true;
 
     /**
@@ -64,12 +70,6 @@ export async function getClientAuth(
   }
 
   const userData = await this.getSidAndUserFromRequest(clientReq);
-  const {
-    loginWithOAuth,
-    signupWithEmail: signupWithEmailAndPassword,
-    localLoginMode,
-    login,
-  } = this.opts.loginSignupConfig ?? {};
 
   const auth: AuthSocketSchema = {
     providers: getOAuthProviders(loginWithOAuth),

package/lib/Auth/utils/getSidAndUserFromRequest.ts

@@ -6,6 +6,7 @@ import { throttledAuthCall } from "./throttledReject";
 /**
  * For a given sid return the user data if available using the auth handler's getUser method.
  * Use socket session cache if configured in Auth
+ * Used in Publish Parser and AuthHandler
  */
 export async function getSidAndUserFromRequest(
   this: AuthHandler,
@@ -16,7 +17,7 @@ export async function getSidAndUserFromRequest(
    */
   const getSessionForCaching = this.opts.cacheSession?.getSession;
   if (clientReq.socket && getSessionForCaching && clientReq.socket.__prglCache) {
-    const { session, ...userData } = clientReq.socket.__prglCache;
+    const { session, userData } = clientReq.socket.__prglCache;
     const isValid = this.isNonExpiredSocketSession(clientReq.socket, session);
     if (isValid) {
       return {
@@ -33,40 +34,46 @@ export async function getSidAndUserFromRequest(
    * Get sid from request and fetch user data
    */
   const authStart = Date.now();
-  const result = await throttledAuthCall(async () => {
-    const { getUser } = this.opts;
+  // const result = await throttledAuthCall(async () => {
+  //   const clientInfoOrErr = await this.opts.getUser(
+  //     this.getValidatedSid(clientReq),
+  //     this.dbo as DBOFullyTyped,
+  //     this.db,
+  //     getClientRequestIPsInfo(clientReq),
+  //     clientReq
+  //   );
+  //   if (clientInfoOrErr && (typeof clientInfoOrErr === "string" || "success" in clientInfoOrErr))
+  //     throw clientInfoOrErr;
+  //   const clientInfo = clientInfoOrErr;
 
-    const sid = this.getSID(clientReq);
-    const clientInfoOrErr =
-      !sid ? undefined : (
-        await getUser(
-          sid,
-          this.dbo as DBOFullyTyped,
-          this.db,
-          getClientRequestIPsInfo(clientReq),
-          clientReq
-        )
-      );
-    if (clientInfoOrErr && (typeof clientInfoOrErr === "string" || "success" in clientInfoOrErr))
-      throw clientInfoOrErr;
-    const clientInfo = clientInfoOrErr;
-    if (getSessionForCaching && clientReq.socket && sid) {
-      const session = await getSessionForCaching(sid, this.dbo as DBOFullyTyped, this.db);
-      if (session && session.expires && clientInfo?.user) {
-        clientReq.socket.__prglCache = {
-          ...clientInfo,
-          session,
-        };
-      }
-    }
+  //   if (clientInfo && "type" in clientInfo) {
+  //     if (!("httpReq" in clientReq) || !clientReq.httpReq) throw "httpReq missing";
+  //     const { httpReq, res } = clientReq;
+  //     this.setCookieAndGoToReturnURLIFSet(clientInfo.session, { req: httpReq, res });
+  //     return;
+  //   }
 
-    if (clientInfo?.user && sid) {
-      return { sid, ...clientInfo };
-    }
+  //   const sid = this.getValidatedSid(clientReq);
+  //   if (getSessionForCaching && clientReq.socket && sid) {
+  //     const session = await getSessionForCaching(sid, this.dbo as DBOFullyTyped, this.db);
+  //     if (session && session.expires && clientInfo?.user) {
+  //       clientReq.socket.__prglCache = {
+  //         userData: clientInfo,
+  //         session,
+  //       };
+  //     }
+  //   }
 
-    return { sid, preferredLogin: !clientInfo?.user ? clientInfo?.preferredLogin : undefined };
-  }, 100);
+  //   if (clientInfo?.user && sid) {
+  //     return { sid, ...clientInfo };
+  //   }
 
+  //   return { sid, preferredLogin: !clientInfo?.user ? clientInfo?.preferredLogin : undefined };
+  // }, 100);
+  const result = await this.handleGetUser(clientReq);
+  if (result.error) {
+    throw result.error;
+  }
   await this.prostgles.opts.onLog?.({
     type: "auth",
     command: "getClientInfo",

package/lib/Auth/utils/getUserOrError.ts

@@ -0,0 +1,56 @@
+import { AuthResponse } from "prostgles-types";
+import { DBOFullyTyped } from "../../DBSchemaBuilder";
+import type { AuthHandler } from "../AuthHandler";
+import { AuthClientRequest, AuthResultWithSID } from "../AuthTypes";
+import { getClientRequestIPsInfo } from "../utils/getClientRequestIPsInfo";
+import { isAuthError } from "./handleGetUser";
+import { throttledAuthCall } from "./throttledReject";
+
+/**
+ * Used by:
+ *  - setCatchAllRequestHandler
+ *  - loginSignupConfig.use
+ */
+export async function getUserOrError(
+  this: AuthHandler,
+  clientReq: AuthClientRequest
+): Promise<AuthResultWithSID> {
+  // const sid = this.getValidatedSid(clientReq);
+  // if (!sid) return { sid };
+
+  try {
+    // const userOrErrorCode = await throttledAuthCall(async () => {
+    //   return this.opts.getUser(
+    //     this.validateSid(sid),
+    //     this.dbo as DBOFullyTyped,
+    //     this.db,
+    //     getClientRequestIPsInfo(clientReq),
+    //     clientReq
+    //   );
+    // }, 50);
+
+    // if (isAuthError(userOrErrorCode)) {
+    //   const error: AuthResponse.AuthFailure | undefined =
+    //     typeof userOrErrorCode === "string" ?
+    //       { success: false, code: userOrErrorCode }
+    //     : userOrErrorCode;
+
+    //   return {
+    //     sid,
+    //     error,
+    //   };
+    // }
+    // if (sid && userOrErrorCode?.user) {
+    //   return { sid, ...userOrErrorCode };
+    // }
+    // return {
+    //   sid,
+    // };
+    return this.handleGetUser(clientReq);
+  } catch (_err) {
+    return {
+      sid: this.getValidatedSid(clientReq),
+      error: { success: false, code: "server-error" },
+    };
+  }
+}

package/lib/Auth/utils/handleGetUser.ts

@@ -0,0 +1,67 @@
+import type { DBOFullyTyped } from "../../DBSchemaBuilder";
+import { tout } from "../../PubSubManager/initPubSubManager";
+import { getClientRequestIPsInfo, type AuthHandler } from "../AuthHandler";
+import type { AuthClientRequest, AuthResultOrError, AuthResultWithSID } from "../AuthTypes";
+import { throttledAuthCall } from "./throttledReject";
+import { AuthResponse, isObject } from "prostgles-types";
+
+export async function handleGetUserThrottled(
+  this: AuthHandler,
+  clientReq: AuthClientRequest
+): Promise<AuthResultWithSID> {
+  const getSessionForCaching = this.opts.cacheSession?.getSession;
+  const result = await throttledAuthCall(async () => {
+    const clientInfoOrErr = await this.opts.getUser(
+      this.getValidatedSid(clientReq),
+      this.dbo as DBOFullyTyped,
+      this.db,
+      getClientRequestIPsInfo(clientReq),
+      clientReq
+    );
+    if (isAuthError(clientInfoOrErr)) {
+      return {
+        error:
+          isObject(clientInfoOrErr) ? clientInfoOrErr : { success: false, code: clientInfoOrErr },
+        sid: this.getValidatedSid(clientReq),
+      } satisfies AuthResultWithSID;
+    }
+    const clientInfo = clientInfoOrErr;
+
+    if (clientInfo && "type" in clientInfo) {
+      if (!("httpReq" in clientReq) || !clientReq.httpReq)
+        throw "httpReq missing. new-session not implemented for sockets.";
+      const { httpReq, res } = clientReq;
+      this.setCookieAndGoToReturnURLIFSet(clientInfo.session, { req: httpReq, res });
+      /** Wait for refresh */
+      await tout(200);
+      return {
+        error: { success: false, code: "something-went-wrong" },
+        sid: this.getValidatedSid(clientReq),
+      } satisfies AuthResultWithSID;
+    }
+
+    const sid = this.getValidatedSid(clientReq);
+    if (getSessionForCaching && clientReq.socket && sid) {
+      const session = await getSessionForCaching(sid, this.dbo as DBOFullyTyped, this.db);
+      if (session && session.expires && clientInfo?.user) {
+        clientReq.socket.__prglCache = {
+          userData: clientInfo,
+          session,
+        };
+      }
+    }
+
+    if (clientInfo?.user && sid) {
+      return { sid, ...clientInfo };
+    }
+
+    return { sid, preferredLogin: !clientInfo?.user ? clientInfo?.preferredLogin : undefined };
+  }, 100);
+  return result;
+}
+
+export const isAuthError = (
+  dataOrError: AuthResultOrError
+): dataOrError is AuthResponse.AuthFailure["code"] | AuthResponse.AuthFailure => {
+  return Boolean(typeof dataOrError === "string" || (dataOrError && "success" in dataOrError));
+};

package/lib/DboBuilder/DboBuilderTypes.ts

@@ -168,7 +168,8 @@ export type PRGLIOSocket = {
   };
 
   /** Used for session caching */
-  __prglCache?: SessionUser & {
+  __prglCache?: {
+    userData: Omit<SessionUser, "session">;
     session: BasicSession;
   };
 

package/lib/Prostgles.ts

@@ -32,6 +32,7 @@ import {
   CHANNELS,
   ClientSchema,
   SQLRequest,
+  includes,
   isObject,
   omitKeys,
   tryCatchV2,

package/lib/PublishParser/PublishParser.ts

@@ -159,13 +159,14 @@ export class PublishParser {
       }
     }
 
-    if (tableRule[rtm.rule]) {
-      return tableRule;
-    } else
+    if (!tableRule[rtm.rule]) {
       throw {
         stack: ["getValidatedRequestRule()"],
         message: `Invalid or disallowed command: ${tableName}.${command}`,
       };
+    }
+
+    return tableRule;
   }
 
   async getTableRules(

package/lib/PublishParser/getSchemaFromPublish.ts

@@ -1,20 +1,26 @@
 import {
   DBSchemaTable,
   getKeys,
+  includes,
+  isEmpty,
+  isObject,
   MethodKey,
   pickKeys,
   TableInfo,
   TableSchemaErrors,
   TableSchemaForClient,
+  type AnyObject,
 } from "prostgles-types";
 import { AuthClientRequest, AuthResultWithSID } from "../Auth/AuthTypes";
 import { getErrorAsObject } from "../DboBuilder/DboBuilder";
+import type { TableHandler } from "../DboBuilder/TableHandler/TableHandler";
 import { TABLE_METHODS } from "../Prostgles";
 import { type PublishObject, PublishParser } from "./PublishParser";
 
 type Args = AuthClientRequest & {
   userData: AuthResultWithSID | undefined;
 };
+const SUBSCRIBE_METHODS = ["subscribe", "subscribeOne", "sync", "unsubscribe", "unsync"] as const;
 
 export async function getSchemaFromPublish(
   this: PublishParser,
@@ -64,115 +70,110 @@ export async function getSchemaFromPublish(
       }
       await Promise.all(
         tableNames.map(async (tableName) => {
+          const { canSubscribe, tablesOrViews } = this.prostgles.dboBuilder;
           if (!this.dbo[tableName]) {
             const errMsg = [
               `Table ${tableName} does not exist`,
-              `Expecting one of: ${JSON.stringify(this.prostgles.dboBuilder.tablesOrViews?.map((tov) => tov.name))}`,
-              `DBO tables: ${JSON.stringify(Object.keys(this.dbo).filter((k) => (this.dbo[k] as any).find))}`,
+              `Expecting one of: ${JSON.stringify(tablesOrViews?.map((tov) => tov.name))}`,
             ].join("\n");
             throw errMsg;
           }
 
-          const table_rules = await this.getTableRules({ clientReq, tableName }, clientInfo);
-
-          if (table_rules && Object.keys(table_rules).length) {
-            schema[tableName] = {};
-            const tableSchema = schema[tableName]!;
-            let methods: MethodKey[] = [];
-            let tableInfo: TableInfo | undefined;
-            let tableColumns: DBSchemaTable["columns"] | undefined;
-
-            if (typeof table_rules === "object") {
-              methods = getKeys(table_rules) as any;
-            }
-
-            if (!this.prostgles.dboBuilder.canSubscribe) {
-              methods = methods.filter(
-                (m) => !["subscribe", "subscribeOne", "sync", "unsubscribe", "unsync"].includes(m)
-              );
-            }
-
-            await Promise.all(
-              methods
-                .filter((m) => m !== ("select" as any))
-                .map(async (method) => {
-                  if (method === "sync" && table_rules[method]) {
-                    /* Pass sync info */
-                    tableSchema[method] = table_rules[method];
-                  } else if ((table_rules as any)[method]) {
-                    tableSchema[method] =
-                      method === "insert" ?
-                        pickKeys(table_rules.insert!, ["allowedNestedInserts"])
-                      : {};
-
-                    /* Test for issues with the common table CRUD methods () */
-                    if (TABLE_METHODS.some((tm) => tm === method)) {
-                      try {
-                        const valid_table_command_rules = await this.getValidatedRequestRule(
+          const tableRules = await this.getTableRules({ clientReq, tableName }, clientInfo);
+
+          if (!tableRules || isEmpty(tableRules)) return;
+          if (!isObject(tableRules)) {
+            throw `Invalid tableRules for table ${tableName}. Expecting an object`;
+          }
+
+          schema[tableName] = {};
+          const tableSchema = schema[tableName]!;
+          const methods = getKeys(tableRules).filter(
+            (m) => canSubscribe || !includes(SUBSCRIBE_METHODS, m)
+          );
+          let tableInfo: TableInfo | undefined;
+          let tableColumns: DBSchemaTable["columns"] | undefined;
+
+          await Promise.all(
+            methods
+              .filter((m) => m !== "select")
+              .map(async (method) => {
+                if (method === "sync") {
+                  /* Pass sync info */
+                  tableSchema[method] = tableRules[method];
+                } else if (includes(getKeys(tableRules), method) && tableRules[method]) {
+                  //@ts-ignore
+                  tableSchema[method] =
+                    method === "insert" ?
+                      pickKeys(tableRules[method]!, ["allowedNestedInserts"])
+                    : ({} as AnyObject);
+
+                  /* Test for issues with the common table CRUD methods () */
+                  if (includes(TABLE_METHODS, method)) {
+                    try {
+                      const parsedTableRule = await this.getValidatedRequestRule(
+                        {
+                          tableName,
+                          command: method,
+                          clientReq,
+                        },
+                        clientInfo
+                      );
+                      if (this.prostgles.opts.testRulesOnConnect) {
+                        await (this.dbo[tableName] as TableHandler)[method](
+                          {},
+                          {},
+                          undefined,
+                          parsedTableRule,
                           {
-                            tableName,
-                            command: method,
-                            clientReq,
-                          },
-                          clientInfo
+                            ...clientReq,
+                            isRemoteRequest: {},
+                            testRule: true,
+                          }
                         );
-                        if (this.prostgles.opts.testRulesOnConnect) {
-                          await (this.dbo[tableName] as any)[method](
-                            {},
-                            {},
-                            {},
-                            valid_table_command_rules,
-                            {
-                              ...clientReq,
-                              isRemoteRequest: true,
-                              testRule: true,
-                            }
-                          );
-                        }
-                      } catch (e) {
-                        console.error(`${tableName}.${method}`, e);
-                        tableSchemaErrors[tableName] ??= {};
-                        tableSchemaErrors[tableName]![method] = {
-                          error: "Internal publish error. Check server logs",
-                        };
-
-                        throw {
-                          ...getErrorAsObject(e),
-                          publish_path: `publish.${tableName}.${method}: \n   -> ${e}`,
-                        };
                       }
+                    } catch (e) {
+                      console.error(`${tableName}.${method}`, e);
+                      tableSchemaErrors[tableName] ??= {};
+                      tableSchemaErrors[tableName]![method] = {
+                        error: "Internal publish error. Check server logs",
+                      };
+
+                      throw {
+                        ...getErrorAsObject(e),
+                        publish_path: `publish.${tableName}.${method}: \n   -> ${e}`,
+                      };
                     }
+                  }
 
-                    if (method === "getInfo" || method === "getColumns") {
-                      const tableRules = await this.getValidatedRequestRule(
-                        { tableName, command: method, clientReq },
-                        clientInfo
-                      );
-                      const res = await (this.dbo[tableName] as any)[method](
-                        undefined,
-                        undefined,
-                        undefined,
-                        tableRules,
-                        { ...clientReq, isRemoteRequest: true }
-                      );
-                      if (method === "getInfo") {
-                        tableInfo = res;
-                        // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
-                      } else if (method === "getColumns") {
-                        tableColumns = res;
-                      }
+                  if (method === "getInfo" || method === "getColumns") {
+                    const tableRules = await this.getValidatedRequestRule(
+                      { tableName, command: method, clientReq },
+                      clientInfo
+                    );
+                    const res = await (this.dbo[tableName] as TableHandler)[method](
+                      undefined,
+                      undefined,
+                      undefined,
+                      tableRules,
+                      { ...clientReq, isRemoteRequest: {} }
+                    );
+                    if (method === "getInfo") {
+                      tableInfo = res as TableInfo;
+                    } else {
+                      tableColumns = res as DBSchemaTable["columns"];
                     }
                   }
-                })
-            );
-
-            if (tableInfo && tableColumns) {
-              tables.push({
-                name: tableName,
-                info: tableInfo,
-                columns: tableColumns,
-              });
-            }
+                }
+              })
+          );
+
+          if (tableInfo && tableColumns) {
+            tables.push({
+              name: tableName,
+              info: tableInfo,
+              columns: tableColumns,
+            });
           }
         })
       );

package/lib/onSocketConnected.ts

@@ -17,7 +17,7 @@ export async function onSocketConnected(this: Prostgles, socket: PRGLIOSocket) {
   try {
     await this.opts.onLog?.({
       type: "connect",
-      sid: this.authHandler?.getSID({ socket }),
+      sid: this.authHandler?.getValidatedSid({ socket }),
       socketId: socket.id,
       connectedSocketIds: this.connectedSockets.map((s) => s.id),
     });
@@ -30,7 +30,7 @@ export async function onSocketConnected(this: Prostgles, socket: PRGLIOSocket) {
     if (onUseOrSocketConnected) {
       if (!authHandler) throw "authHandler missing";
       const errorInfo = await onUseOrSocketConnected(
-        authHandler.getSID({ socket }),
+        authHandler.getValidatedSid({ socket }),
         getClientRequestIPsInfo({ socket }),
         { socket }
       );
@@ -91,7 +91,7 @@ export async function onSocketConnected(this: Prostgles, socket: PRGLIOSocket) {
       this.dboBuilder.queryStreamer.onDisconnect(socket.id);
       void this.opts.onLog?.({
         type: "disconnect",
-        sid: this.authHandler?.getSID({ socket }),
+        sid: this.authHandler?.getValidatedSid({ socket }),
         socketId: socket.id,
         connectedSocketIds: this.connectedSockets.map((s) => s.id),
       });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prostgles-server",
-  "version": "4.2.270",
+  "version": "4.2.271",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -57,7 +57,7 @@
     "pg": "^8.11.5",
     "pg-cursor": "^2.11.0",
     "pg-promise": "^11.9.1",
-    "prostgles-types": "^4.0.164"
+    "prostgles-types": "^4.0.166"
   },
   "devDependencies": {
     "@eslint/js": "^9.22.0",