s3db.js 13.4.0 → 13.5.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "s3db.js",
-  "version": "13.4.0",
+  "version": "13.5.1",
   "description": "Use AWS S3, the world's most reliable document storage, as a database with this ORM.",
   "main": "dist/s3db.cjs.js",
   "module": "dist/s3db.es.js",
@@ -87,7 +87,7 @@
     "@aws-sdk/client-sqs": "^3.0.0",
     "@google-cloud/bigquery": "^7.0.0",
     "@hono/node-server": "^1.0.0",
-    "@hono/swagger-ui": "^0.5.0",
+    "@hono/swagger-ui": "^0.5.2",
     "@libsql/client": "^0.14.0",
     "@planetscale/database": "^1.0.0",
     "@tensorflow/tfjs-node": "^4.0.0",
@@ -137,7 +137,7 @@
     "@babel/preset-env": "^7.28.3",
     "@google-cloud/bigquery": "^7.9.4",
     "@hono/node-server": "^1.13.7",
-    "@hono/swagger-ui": "^0.5.3",
+    "@hono/swagger-ui": "^0.5.2",
     "@libsql/client": "^0.14.0",
     "@planetscale/database": "^1.19.0",
     "@rollup/plugin-commonjs": "^28.0.8",

package/src/database.class.js

@@ -1091,7 +1091,7 @@ export class Database extends EventEmitter {
       if (!existingVersionData || existingVersionData.hash !== newHash) {
         await this.uploadMetadataFile();
       }
-      this.emit("s3db.resourceUpdated", name);
+      this.emit("db:resource-updated", name);
       return existingResource;
     }
     const existingMetadata = this.savedMetadata?.resources?.[name];
@@ -1131,7 +1131,7 @@ export class Database extends EventEmitter {
     }
 
     await this.uploadMetadataFile();
-    this.emit("s3db.resourceCreated", name);
+    this.emit("db:resource-created", name);
     return resource;
   }
 

package/src/plugins/api/auth/basic-auth.js

@@ -67,7 +67,9 @@ async function verifyPassword(inputPassword, storedPassword, passphrase) {
  * Create Basic Auth middleware
  * @param {Object} options - Basic Auth options
  * @param {string} options.realm - Authentication realm (default: 'API Access')
- * @param {Object} options.usersResource - Users resource for credential validation
+ * @param {Object} options.authResource - Resource for credential validation
+ * @param {string} options.usernameField - Field name for username (default: 'email')
+ * @param {string} options.passwordField - Field name for password (default: 'password')
  * @param {string} options.passphrase - Passphrase for password decryption
  * @param {boolean} options.optional - If true, allows requests without auth
  * @returns {Function} Hono middleware
@@ -75,13 +77,15 @@ async function verifyPassword(inputPassword, storedPassword, passphrase) {
 export function basicAuth(options = {}) {
   const {
     realm = 'API Access',
-    usersResource,
+    authResource,
+    usernameField = 'email',
+    passwordField = 'password',
     passphrase = 'secret',
     optional = false
   } = options;
 
-  if (!usersResource) {
-    throw new Error('usersResource is required for Basic authentication');
+  if (!authResource) {
+    throw new Error('authResource is required for Basic authentication');
   }
 
   return async (c, next) => {
@@ -107,9 +111,10 @@ export function basicAuth(options = {}) {
 
     const { username, password } = credentials;
 
-    // Query user by username
+    // Query user by configured username field
     try {
-      const users = await usersResource.query({ username });
+      const queryFilter = { [usernameField]: username };
+      const users = await authResource.query(queryFilter);
 
       if (!users || users.length === 0) {
         c.header('WWW-Authenticate', `Basic realm="${realm}"`);
@@ -119,14 +124,17 @@ export function basicAuth(options = {}) {
 
       const user = users[0];
 
-      if (!user.active) {
+      // Check if user is active (if field exists)
+      if (user.active !== undefined && !user.active) {
         c.header('WWW-Authenticate', `Basic realm="${realm}"`);
         const response = unauthorized('User account is inactive');
         return c.json(response, response._status);
       }
 
-      // Verify password
-      const isValid = await verifyPassword(password, user.password, passphrase);
+      // Verify password using configured password field
+      // Schema handles encryption/decryption for 'secret' field types
+      const storedPassword = user[passwordField];
+      const isValid = storedPassword === password;
 
       if (!isValid) {
         c.header('WWW-Authenticate', `Basic realm="${realm}"`);

package/src/plugins/api/index.js

@@ -56,6 +56,10 @@ export class ApiPlugin extends Plugin {
       host: options.host || '0.0.0.0',
       verbose: options.verbose || false,
 
+      // Version prefix configuration (global default)
+      // Can be: true (use resource version), false (no prefix - DEFAULT), or string (custom prefix like 'api/v1')
+      versionPrefix: options.versionPrefix !== undefined ? options.versionPrefix : false,
+
       docs: {
         enabled: options.docs?.enabled !== false && options.docsEnabled !== false, // Enable by default
         ui: options.docs?.ui || 'redoc', // 'swagger' or 'redoc' (redoc is prettier!)
@@ -64,26 +68,27 @@ export class ApiPlugin extends Plugin {
         description: options.docs?.description || options.apiDescription || 'Auto-generated REST API for s3db.js resources'
       },
 
-      // Authentication configuration
-      auth: {
-        jwt: {
-          enabled: options.auth?.jwt?.enabled || false,
-          secret: options.auth?.jwt?.secret || null,
-          expiresIn: options.auth?.jwt?.expiresIn || '7d'
-        },
-        apiKey: {
-          enabled: options.auth?.apiKey?.enabled || false,
-          headerName: options.auth?.apiKey?.headerName || 'X-API-Key'
-        },
-        basic: {
-          enabled: options.auth?.basic?.enabled || false,
-          realm: options.auth?.basic?.realm || 'API Access'
-        }
+      // Authentication configuration (driver-based)
+      auth: options.auth ? {
+        driver: options.auth.driver || null,             // 'jwt' or 'basic'
+        resource: options.auth.resource || 'users',      // Resource that manages auth
+        usernameField: options.auth.usernameField || 'email',   // Default: email
+        passwordField: options.auth.passwordField || 'password', // Default: password
+        config: options.auth.config || {}                // Driver-specific config
+      } : {
+        driver: null,
+        resource: 'users',
+        usernameField: 'email',
+        passwordField: 'password',
+        config: {}
       },
 
       // Resource configuration
       resources: options.resources || {},
 
+      // Custom routes (plugin-level)
+      routes: options.routes || {},
+
       // CORS configuration
       cors: {
         enabled: options.cors?.enabled || false,
@@ -176,10 +181,8 @@ export class ApiPlugin extends Plugin {
       throw err;
     }
 
-    // Create users resource if authentication is enabled
-    const authEnabled = this.config.auth.jwt.enabled ||
-                       this.config.auth.apiKey.enabled ||
-                       this.config.auth.basic.enabled;
+    // Create users resource if authentication driver is configured
+    const authEnabled = this.config.auth.driver !== null;
 
     if (authEnabled) {
       await this._createUsersResource();
@@ -467,6 +470,7 @@ export class ApiPlugin extends Plugin {
       host: this.config.host,
       database: this.database,
       resources: this.config.resources,
+      routes: this.config.routes,
       middlewares: this.compiledMiddlewares,
       verbose: this.config.verbose,
       auth: this.config.auth,

package/src/plugins/api/routes/auth-routes.js

@@ -14,13 +14,16 @@ import tryFn from '../../../concerns/try-fn.js';
 
 /**
  * Create authentication routes
- * @param {Object} usersResource - s3db.js users resource
+ * @param {Object} authResource - s3db.js resource that manages authentication
  * @param {Object} config - Auth configuration
  * @returns {Hono} Hono app with auth routes
  */
-export function createAuthRoutes(usersResource, config = {}) {
+export function createAuthRoutes(authResource, config = {}) {
   const app = new Hono();
   const {
+    driver,                          // 'jwt' or 'basic'
+    usernameField = 'email',         // Field name for username (default: 'email')
+    passwordField = 'password',      // Field name for password (default: 'password')
     jwtSecret,
     jwtExpiresIn = '7d',
     passphrase = 'secret',
@@ -31,134 +34,152 @@ export function createAuthRoutes(usersResource, config = {}) {
   if (allowRegistration) {
     app.post('/register', asyncHandler(async (c) => {
       const data = await c.req.json();
-      const { username, password, email, role = 'user' } = data;
+      const username = data[usernameField];
+      const password = data[passwordField];
+      const role = data.role || 'user';
 
       // Validate input
       if (!username || !password) {
         const response = formatter.validationError([
-          { field: 'username', message: 'Username is required' },
-          { field: 'password', message: 'Password is required' }
+          { field: usernameField, message: `${usernameField} is required` },
+          { field: passwordField, message: `${passwordField} is required` }
         ]);
         return c.json(response, response._status);
       }
 
       if (password.length < 8) {
         const response = formatter.validationError([
-          { field: 'password', message: 'Password must be at least 8 characters' }
+          { field: passwordField, message: 'Password must be at least 8 characters' }
         ]);
         return c.json(response, response._status);
       }
 
       // Check if username already exists
-      const existing = await usersResource.query({ username });
+      const queryFilter = { [usernameField]: username };
+      const existing = await authResource.query(queryFilter);
       if (existing && existing.length > 0) {
-        const response = formatter.error('Username already exists', {
+        const response = formatter.error(`${usernameField} already exists`, {
           status: 409,
           code: 'CONFLICT'
         });
         return c.json(response, response._status);
       }
 
-      // Create user
-      const user = await usersResource.insert({
-        username,
-        password, // Will be auto-encrypted by schema (secret field)
-        email,
-        role,
-        active: true,
-        apiKey: generateApiKey(),
-        createdAt: new Date().toISOString()
-      });
+      // Create user with dynamic fields
+      // Only include fields from request + required auth fields
+      const userData = {
+        ...data, // Include all fields from request first
+        [usernameField]: username, // Override to ensure correct value
+        [passwordField]: password // Will be auto-encrypted by schema (secret field)
+      };
+
+      // Add optional fields only if not provided
+      if (!userData.role) {
+        userData.role = role;
+      }
+      if (userData.active === undefined) {
+        userData.active = true;
+      }
 
-      // Generate JWT token
+      const user = await authResource.insert(userData);
+
+      // Generate JWT token (only for JWT driver)
       let token = null;
-      if (jwtSecret) {
+      if (driver === 'jwt' && jwtSecret) {
         token = createToken(
-          { userId: user.id, username: user.username, role: user.role },
+          {
+            userId: user.id,
+            [usernameField]: user[usernameField],
+            role: user.role
+          },
           jwtSecret,
           jwtExpiresIn
         );
       }
 
       // Remove sensitive data from response
-      const { password: _, ...userWithoutPassword } = user;
+      const { [passwordField]: _, ...userWithoutPassword } = user;
 
       const response = formatter.created({
         user: userWithoutPassword,
-        token
+        ...(token && { token }) // Only include token if JWT driver
       }, `/auth/users/${user.id}`);
 
       return c.json(response, response._status);
     }));
   }
 
-  // POST /auth/login - Login with username/password
-  app.post('/login', asyncHandler(async (c) => {
-    const data = await c.req.json();
-    const { username, password } = data;
-
-    // Validate input
-    if (!username || !password) {
-      const response = formatter.unauthorized('Username and password are required');
-      return c.json(response, response._status);
-    }
+  // POST /auth/login - Login with username/password (JWT driver only)
+  if (driver === 'jwt') {
+    app.post('/login', asyncHandler(async (c) => {
+      const data = await c.req.json();
+      const username = data[usernameField];
+      const password = data[passwordField];
 
-    // Find user
-    const users = await usersResource.query({ username });
-    if (!users || users.length === 0) {
-      const response = formatter.unauthorized('Invalid credentials');
-      return c.json(response, response._status);
-    }
+      // Validate input
+      if (!username || !password) {
+        const response = formatter.unauthorized(`${usernameField} and ${passwordField} are required`);
+        return c.json(response, response._status);
+      }
 
-    const user = users[0];
+      // Find user by username field
+      const queryFilter = { [usernameField]: username };
+      const users = await authResource.query(queryFilter);
+      if (!users || users.length === 0) {
+        const response = formatter.unauthorized('Invalid credentials');
+        return c.json(response, response._status);
+      }
 
-    if (!user.active) {
-      const response = formatter.unauthorized('User account is inactive');
-      return c.json(response, response._status);
-    }
+      const user = users[0];
 
-    // Verify password (decrypt and compare)
-    // Note: In production, use proper password hashing (bcrypt, argon2)
-    const [ok, err, decrypted] = await tryFn(() =>
-      user.password // Password is already decrypted by autoDecrypt
-    );
+      // Check if user is active
+      if (user.active !== undefined && !user.active) {
+        const response = formatter.unauthorized('User account is inactive');
+        return c.json(response, response._status);
+      }
 
-    // For secret fields, we need to manually decrypt if autoDecrypt is off
-    // But by default autoDecrypt is true, so user.password should be plain text here
-    // Let's just compare directly since schema handles encryption/decryption
-    const isValid = user.password === password;
+      // Verify password (compare with password field)
+      // Schema handles encryption/decryption for 'secret' field types
+      const isValid = user[passwordField] === password;
 
-    if (!isValid) {
-      const response = formatter.unauthorized('Invalid credentials');
-      return c.json(response, response._status);
-    }
+      if (!isValid) {
+        const response = formatter.unauthorized('Invalid credentials');
+        return c.json(response, response._status);
+      }
 
-    // Update last login
-    await usersResource.update(user.id, {
-      lastLoginAt: new Date().toISOString()
-    });
+      // Update last login if field exists
+      if (user.lastLoginAt !== undefined) {
+        await authResource.update(user.id, {
+          lastLoginAt: new Date().toISOString()
+        });
+      }
 
-    // Generate JWT token
-    let token = null;
-    if (jwtSecret) {
-      token = createToken(
-        { userId: user.id, username: user.username, role: user.role },
-        jwtSecret,
-        jwtExpiresIn
-      );
-    }
+      // Generate JWT token
+      let token = null;
+      if (jwtSecret) {
+        token = createToken(
+          {
+            userId: user.id,
+            [usernameField]: user[usernameField],
+            role: user.role
+          },
+          jwtSecret,
+          jwtExpiresIn
+        );
+      }
 
-    // Remove sensitive data from response
-    const { password: _, ...userWithoutPassword } = user;
+      // Remove sensitive data from response
+      const { [passwordField]: _, ...userWithoutPassword } = user;
 
-    const response = formatter.success({
-      user: userWithoutPassword,
-      token,
-      expiresIn: jwtExpiresIn
-    });
+      const response = formatter.success({
+        user: userWithoutPassword,
+        token,
+        expiresIn: jwtExpiresIn
+      });
 
-    return c.json(response, response._status);
-  }));
+      return c.json(response, response._status);
+    }));
+  }
 
   // POST /auth/token/refresh - Refresh JWT token
   if (jwtSecret) {

package/src/plugins/api/routes/resource-routes.js

@@ -58,11 +58,12 @@ export function createResourceRoutes(resource, version, config = {}, Hono) {
   const {
     methods = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
     customMiddleware = [],
-    enableValidation = true
+    enableValidation = true,
+    versionPrefix = '' // Empty string by default (calculated in server.js)
   } = config;
 
   const resourceName = resource.name;
-  const basePath = `/${version}/${resourceName}`;
+  const basePath = versionPrefix ? `/${versionPrefix}/${resourceName}` : `/${resourceName}`;
 
   // Apply custom middleware
   customMiddleware.forEach(middleware => {