proto.io 0.0.227 → 0.0.229

package/dist/index.mjs

@@ -1,10 +1,10 @@
 import _ from 'lodash';
 import { Server } from '@o2ter/server-js';
-import { Q as QueryValidator, a as QueryExpression, r as resolveColumn, b as resolveDataType, c as QuerySelector } from './internals/validator-Boj1PUjM.mjs';
+import { Q as QueryValidator, a as QueryExpression, b as QueryAccumulator, r as resolveColumn, c as resolveDataType, d as QuerySelector } from './internals/validator-DubDY921.mjs';
 import { P as PVK } from './internals/private-CNw40LZ7.mjs';
 import { prototypes, asyncStream, isBinaryData, base64ToBuffer } from '@o2ter/utils-js';
-import { L as LiveQuerySubscription, T as TQuery, d as deserialize, s as serialize, a as TUser, P as ProtoType, _ as _logLevels } from './internals/index-BWZIV3_T.mjs';
-export { b as ProtoClient, c as classExtends } from './internals/index-BWZIV3_T.mjs';
+import { L as LiveQuerySubscription, T as TQuery, d as deserialize, s as serialize, a as TUser, P as ProtoType, _ as _logLevels } from './internals/index-DG2-4tQ1.mjs';
+export { b as ProtoClient, c as classExtends } from './internals/index-DG2-4tQ1.mjs';
 import { i as isPointer, a as isRelation, T as TObject, d as defaultObjectKeyTypes, b as isShape, c as isPrimitive } from './internals/index-CSOoWRr1.mjs';
 import jwt from 'jsonwebtoken';
 import { Blob } from 'node:buffer';
@@ -113,6 +113,16 @@ const dispatcher = (proto, options) => {
                 throw Error('No permission');
             return proto.storage.find(decoded);
         },
+        async groupFind(query, accumulators) {
+            QueryValidator.recursiveCheck(query);
+            const _validator = await validator();
+            const decoded = _validator.decodeQuery(normalize(query), 'read');
+            const isGet = _validator.isGetMethod(decoded.filter);
+            if (!_validator.validateCLPs(query.className, isGet ? 'get' : 'find'))
+                throw Error('No permission');
+            const acc = _.mapValues(accumulators, x => QueryAccumulator.decode(x).simplify());
+            return proto.storage.groupFind(decoded, acc);
+        },
         async nonrefs(query) {
             QueryValidator.recursiveCheck(query);
             const _validator = await validator();
@@ -309,6 +319,9 @@ class _ProtoQuery extends TQuery {
                 yield self._objectMethods(object);
         });
     }
+    groupFind(accumulators, options) {
+        return this._dispatcher(options).groupFind(this._queryOptions, accumulators);
+    }
     nonrefs(options) {
         const self = this;
         return asyncStream(async function* () {
@@ -523,6 +536,8 @@ const defaultSchema = {
     'User': {
         fields: {
             password: 'object',
+            password_history: 'array',
+            password_changed_at: 'date',
         },
         classLevelPermissions: {
             find: [],
@@ -532,7 +547,7 @@ const defaultSchema = {
         fieldLevelPermissions: {
             _expired_at: { create: [], update: [] },
         },
-        secureFields: ['password'],
+        secureFields: ['password', 'password_history', 'password_changed_at'],
     },
     'Role': {
         fields: {
@@ -701,7 +716,7 @@ const passwordHash = async (alg, password, options) => {
         ...options
     };
 };
-const varifyPassword = async (alg, password, options) => {
+const verifyPassword = async (alg, password, options) => {
     if (!_.isString(options.salt))
         return false;
     if (!_.isString(options.derivedKey))
@@ -898,7 +913,7 @@ class ProtoInternal {
         }
         return callback(proxy(payload ?? proto));
     }
-    async varifyPassword(proto, user, password, options) {
+    async verifyPassword(proto, user, password, options) {
         if (!user.id)
             throw Error('Invalid user object');
         const _user = await proto.InsecureQuery('User')
@@ -906,20 +921,46 @@ class ProtoInternal {
             .includes('_id', 'password')
             .first(options);
         const { alg, ...opts } = _user?.get('password') ?? {};
-        return varifyPassword(alg, password, opts);
+        return verifyPassword(alg, password, opts);
     }
     async setPassword(proto, user, password, options) {
         if (!user.id)
             throw Error('Invalid user object');
         if (_.isEmpty(password))
             throw Error('Invalid password');
+        const { maxPasswordHistory, validatorCallback, } = this.options.passwordPolicy || {};
+        if (validatorCallback) {
+            const isValid = await validatorCallback(password, user);
+            if (!isValid)
+                throw Error('Password does not meet the policy requirements');
+        }
         const { alg, ...opts } = this.options.passwordHashOptions;
         const hashed = await passwordHash(alg, password, opts);
+        let history = [];
+        if (maxPasswordHistory && maxPasswordHistory > 0) {
+            const _user = await proto.InsecureQuery('User')
+                .equalTo('_id', user.id)
+                .includes('_id', 'password_history')
+                .first(options);
+            history = _.slice(_user?.get('password_history') ?? [], 0, maxPasswordHistory);
+            for (const entry of history) {
+                const { alg, ...opts } = entry;
+                if (await verifyPassword(alg, password, opts)) {
+                    throw Error('Cannot reuse previous passwords');
+                }
+            }
+        }
         await proto.InsecureQuery('User')
             .equalTo('_id', user.id)
             .includes('_id')
             .updateOne({
             password: { $set: hashed },
+            password_history: {
+                $set: maxPasswordHistory && maxPasswordHistory > 0
+                    ? _.slice([{ ...hashed, password }, ...history], 0, maxPasswordHistory)
+                    : [],
+            },
+            password_changed_at: { $set: new Date() },
         }, options);
     }
     async unsetPassword(proto, user, options) {
@@ -930,6 +971,7 @@ class ProtoInternal {
             .includes('_id')
             .updateOne({
             password: { $set: {} },
+            password_changed_at: { $set: new Date() },
         }, options);
     }
     async updateFile(proto, object, options) {
@@ -947,8 +989,8 @@ class ProtoInternal {
         }
         return object;
     }
-    varifyUploadToken(proto, token, isMaster) {
-        const { nonce, attributes, maxUploadSize, } = (_.isString(token) ? this.jwtVarify(token, 'upload') ?? {} : {});
+    verifyUploadToken(proto, token, isMaster) {
+        const { nonce, attributes, maxUploadSize, } = (_.isString(token) ? this.jwtVerify(token, 'upload') ?? {} : {});
         if (!isMaster && !nonce)
             throw Error('Upload token is required');
         return {
@@ -961,7 +1003,7 @@ class ProtoInternal {
         const data = object[PVK].extra.data;
         if (_.isNil(data))
             throw Error('Invalid file object');
-        const { nonce, attributes = {}, maxUploadSize = this.options.maxUploadSize, } = options?.uploadToken ? this.varifyUploadToken(proto, options.uploadToken, options.master) : {};
+        const { nonce, attributes = {}, maxUploadSize = this.options.maxUploadSize, } = options?.uploadToken ? this.verifyUploadToken(proto, options.uploadToken, options.master) : {};
         if (nonce) {
             const found = await proto.Query('File').equalTo('nonce', nonce).first({ master: true });
             if (found)
@@ -1068,7 +1110,7 @@ class ProtoInternal {
         })();
         return jwt.sign(payload, this.options.jwtToken, opts);
     }
-    jwtVarify(token, options = {}) {
+    jwtVerify(token, options = {}) {
         try {
             const opts = (() => {
                 switch (options) {
@@ -1204,7 +1246,7 @@ class ProtoInternal {
         obj.set('data', params);
         obj.set('user', user);
         await obj.save({ master: true });
-        this.jobRunner.excuteJob(proto);
+        this.jobRunner.executeJob(proto);
         return obj;
     }
 }
@@ -1266,7 +1308,7 @@ class JobRunner {
         job.set('completedAt', new Date());
         await job.save({ master: true });
     }
-    async excuteJob(proto) {
+    async executeJob(proto) {
         if (this._running || this._stopped)
             return;
         this._running = true;
@@ -1296,7 +1338,7 @@ class JobRunner {
                 finally {
                     clearInterval(timer);
                 }
-                this.excuteJob(proto);
+                this.executeJob(proto);
             })();
         }
         this._running = false;
@@ -1330,7 +1372,7 @@ class JobRunner {
 const _sessionWithToken = async (proto, token) => {
     if (_.isEmpty(token))
         return;
-    const payload = proto[PVK].jwtVarify(token, 'login') ?? {};
+    const payload = proto[PVK].jwtVerify(token, 'login') ?? {};
     if (!_.isString(payload.sessionId) || _.isEmpty(payload.sessionId))
         return;
     const session = await proto.Query('_Session')
@@ -1489,8 +1531,8 @@ const scheduleOp = {
     expireDocument: async (proto) => {
         await proto.gc();
     },
-    excuteJob: async (proto) => {
-        proto[PVK].jobRunner.excuteJob(proto);
+    executeJob: async (proto) => {
+        proto[PVK].jobRunner.executeJob(proto);
     },
 };
 const schedule = (proto) => {
@@ -1699,8 +1741,8 @@ class ProtoService extends ProtoType {
         if (req.res)
             await signUser(this, req.res, undefined, options);
     }
-    varifyPassword(user, password, options) {
-        return this[PVK].varifyPassword(this, user, password, options);
+    verifyPassword(user, password, options) {
+        return this[PVK].verifyPassword(this, user, password, options);
     }
     setPassword(user, password, options) {
         return this[PVK].setPassword(this, user, password, options);
@@ -1787,8 +1829,8 @@ class ProtoService extends ProtoType {
     jwtSign(payload, options) {
         return this[PVK].jwtSign(payload, options);
     }
-    jwtVarify(token, options = {}) {
-        return this[PVK].jwtVarify(token, options);
+    jwtVerify(token, options = {}) {
+        return this[PVK].jwtVerify(token, options);
     }
     notify(data) {
         return this[PVK].notify(this, data);
@@ -1974,7 +2016,7 @@ const verifyRelatedBy = (relatedBy) => {
 var classesRoute = (router, proto) => {
     const defaultHandler = async (req) => {
         const { name } = req.params;
-        const { operation, random, attributes, update, setOnInsert, relatedBy, silent, ...options } = deserialize(req.body);
+        const { operation, accumulators, random, attributes, update, setOnInsert, relatedBy, silent, ...options } = deserialize(req.body);
         verifyRelatedBy(relatedBy);
         const payload = proto.connect(req);
         const query = relatedBy ? payload.Relation(payload.Object(relatedBy.className, relatedBy.id), relatedBy.key) : payload.Query(name);
@@ -1995,15 +2037,16 @@ var classesRoute = (router, proto) => {
                     query[PVK].options.limit = query[PVK].options.limit ?? maxFetchLimit;
                     if (query[PVK].options.limit > maxFetchLimit)
                         throw Error('Query over limit');
-                    return await query.find(opts);
+                    return query.find(opts);
                 }
+            case 'groupFind': return query.groupFind(accumulators, opts);
             case 'random':
                 {
                     const maxFetchLimit = payload[PVK].options.maxFetchLimit;
                     query[PVK].options.limit = query[PVK].options.limit ?? maxFetchLimit;
                     if (query[PVK].options.limit > maxFetchLimit)
                         throw Error('Query over limit');
-                    return await query.random(random, opts);
+                    return query.random(random, opts);
                 }
             case 'nonrefs':
                 {
@@ -2011,7 +2054,7 @@ var classesRoute = (router, proto) => {
                     query[PVK].options.limit = query[PVK].options.limit ?? maxFetchLimit;
                     if (query[PVK].options.limit > maxFetchLimit)
                         throw Error('Query over limit');
-                    return await query.nonrefs(opts);
+                    return query.nonrefs(opts);
                 }
             case 'insert': return query.insert(attributes, opts);
             case 'insertMany': return query.insertMany(attributes, opts);
@@ -2281,7 +2324,7 @@ var filesRoute = (router, proto) => {
         await response(res, async () => {
             const payload = proto.connect(req);
             const uploadToken = req.header(UPLOAD_TOKEN_HEADER_NAME);
-            const { maxUploadSize } = payload[PVK].varifyUploadToken(payload, uploadToken, payload.isMaster);
+            const { maxUploadSize } = payload[PVK].verifyUploadToken(payload, uploadToken, payload.isMaster);
             const { attributes, file } = await decodeFormStream(req, (file, info) => proto.fileStorage.create(proto, file, info, maxUploadSize));
             try {
                 const obj = payload.Object('File');