s3db.js 13.4.0 → 13.6.0

package/src/plugins/api/routes/resource-routes.js

@@ -6,6 +6,7 @@
 
 import { asyncHandler } from '../utils/error-handler.js';
 import * as formatter from '../utils/response-formatter.js';
+import { guardMiddleware } from '../utils/guards.js';
 
 /**
  * Parse custom route definition (e.g., "GET /healthcheck" or "async POST /custom")
@@ -58,11 +59,16 @@ export function createResourceRoutes(resource, version, config = {}, Hono) {
   const {
     methods = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
     customMiddleware = [],
-    enableValidation = true
+    enableValidation = true,
+    versionPrefix = '', // Empty string by default (calculated in server.js)
+    events = null // Event emitter for lifecycle hooks
   } = config;
 
   const resourceName = resource.name;
-  const basePath = `/${version}/${resourceName}`;
+  const basePath = versionPrefix ? `/${versionPrefix}/${resourceName}` : `/${resourceName}`;
+
+  // Get guards configuration from resource config
+  const guards = resource.config?.guards || null;
 
   // Apply custom middleware
   customMiddleware.forEach(middleware => {
@@ -111,7 +117,7 @@ export function createResourceRoutes(resource, version, config = {}, Hono) {
 
   // LIST - GET /{version}/{resource}
   if (methods.includes('GET')) {
-    app.get('/', asyncHandler(async (c) => {
+    app.get('/', guardMiddleware(guards, 'list'), asyncHandler(async (c) => {
       const query = c.req.query();
       const limit = parseInt(query.limit) || 100;
       const offset = parseInt(query.offset) || 0;
@@ -140,22 +146,23 @@ export function createResourceRoutes(resource, version, config = {}, Hono) {
 
       // Use query if filters are present
       if (Object.keys(filters).length > 0) {
-        items = await resource.query(filters, { limit: limit + offset });
-        items = items.slice(offset, offset + limit);
+        // Query with native offset support (efficient!)
+        items = await resource.query(filters, { limit, offset });
+        // Note: total is approximate (length of returned items)
+        // For exact total count with filters, would need separate count query
         total = items.length;
       } else if (partition && partitionValues) {
         // Query specific partition
         items = await resource.listPartition({
           partition,
           partitionValues,
-          limit: limit + offset
+          limit,
+          offset
         });
-        items = items.slice(offset, offset + limit);
         total = items.length;
       } else {
         // Regular list
-        items = await resource.list({ limit: limit + offset });
-        items = items.slice(offset, offset + limit);
+        items = await resource.list({ limit, offset });
         total = items.length;
       }
 
@@ -176,7 +183,7 @@ export function createResourceRoutes(resource, version, config = {}, Hono) {
 
   // GET ONE - GET /{version}/{resource}/:id
   if (methods.includes('GET')) {
-    app.get('/:id', asyncHandler(async (c) => {
+    app.get('/:id', guardMiddleware(guards, 'get'), asyncHandler(async (c) => {
       const id = c.req.param('id');
       const query = c.req.query();
       const partition = query.partition;
@@ -210,12 +217,22 @@ export function createResourceRoutes(resource, version, config = {}, Hono) {
 
   // CREATE - POST /{version}/{resource}
   if (methods.includes('POST')) {
-    app.post('/', asyncHandler(async (c) => {
+    app.post('/', guardMiddleware(guards, 'create'), asyncHandler(async (c) => {
       const data = await c.req.json();
 
       // Validation middleware will run if enabled
       const item = await resource.insert(data);
 
+      // Emit resource:created event
+      if (events) {
+        events.emitResourceEvent('created', {
+          resource: resourceName,
+          id: item.id,
+          data: item,
+          user: c.get('user')
+        });
+      }
+
       const location = `${basePath}/${item.id}`;
       const response = formatter.created(item, location);
 
@@ -226,7 +243,7 @@ export function createResourceRoutes(resource, version, config = {}, Hono) {
 
   // UPDATE (full) - PUT /{version}/{resource}/:id
   if (methods.includes('PUT')) {
-    app.put('/:id', asyncHandler(async (c) => {
+    app.put('/:id', guardMiddleware(guards, 'update'), asyncHandler(async (c) => {
       const id = c.req.param('id');
       const data = await c.req.json();
 
@@ -240,6 +257,17 @@ export function createResourceRoutes(resource, version, config = {}, Hono) {
       // Full update
       const updated = await resource.update(id, data);
 
+      // Emit resource:updated event
+      if (events) {
+        events.emitResourceEvent('updated', {
+          resource: resourceName,
+          id: updated.id,
+          data: updated,
+          previous: existing,
+          user: c.get('user')
+        });
+      }
+
       const response = formatter.success(updated);
       return c.json(response, response._status);
     }));
@@ -247,7 +275,7 @@ export function createResourceRoutes(resource, version, config = {}, Hono) {
 
   // UPDATE (partial) - PATCH /{version}/{resource}/:id
   if (methods.includes('PATCH')) {
-    app.patch('/:id', asyncHandler(async (c) => {
+    app.patch('/:id', guardMiddleware(guards, 'update'), asyncHandler(async (c) => {
       const id = c.req.param('id');
       const data = await c.req.json();
 
@@ -262,6 +290,18 @@ export function createResourceRoutes(resource, version, config = {}, Hono) {
       const merged = { ...existing, ...data, id };
       const updated = await resource.update(id, merged);
 
+      // Emit resource:updated event
+      if (events) {
+        events.emitResourceEvent('updated', {
+          resource: resourceName,
+          id: updated.id,
+          data: updated,
+          previous: existing,
+          partial: true,
+          user: c.get('user')
+        });
+      }
+
       const response = formatter.success(updated);
       return c.json(response, response._status);
     }));
@@ -269,7 +309,7 @@ export function createResourceRoutes(resource, version, config = {}, Hono) {
 
   // DELETE - DELETE /{version}/{resource}/:id
   if (methods.includes('DELETE')) {
-    app.delete('/:id', asyncHandler(async (c) => {
+    app.delete('/:id', guardMiddleware(guards, 'delete'), asyncHandler(async (c) => {
       const id = c.req.param('id');
 
       // Check if exists
@@ -281,6 +321,16 @@ export function createResourceRoutes(resource, version, config = {}, Hono) {
 
       await resource.delete(id);
 
+      // Emit resource:deleted event
+      if (events) {
+        events.emitResourceEvent('deleted', {
+          resource: resourceName,
+          id,
+          previous: existing,
+          user: c.get('user')
+        });
+      }
+
       const response = formatter.noContent();
       return c.json(response, response._status);
     }));
@@ -291,22 +341,11 @@ export function createResourceRoutes(resource, version, config = {}, Hono) {
     app.on('HEAD', '/', asyncHandler(async (c) => {
       // Get statistics
       const total = await resource.count();
+      const version = resource.config?.currentVersion || resource.version || 'v1';
 
-      // Get all items to calculate stats (for small datasets)
-      // For large datasets, this might need optimization
-      const allItems = await resource.list({ limit: 1000 });
-
-      // Calculate statistics
-      const stats = {
-        total,
-        version: resource.config?.currentVersion || resource.version || 'v1'
-      };
-
-      // Add resource-specific stats
+      // Set resource metadata headers
       c.header('X-Total-Count', total.toString());
-      c.header('X-Resource-Version', stats.version);
-
-      // Add schema info
+      c.header('X-Resource-Version', version);
       c.header('X-Schema-Fields', Object.keys(resource.config?.attributes || {}).length.toString());
 
       return c.body(null, 200);
@@ -392,8 +431,12 @@ export function createRelationalRoutes(sourceResource, relationName, relationCon
 
   // GET /{version}/{resource}/:id/{relation}
   // Examples: GET /v1/users/user123/posts, GET /v1/users/user123/profile
-  app.get('/:id', asyncHandler(async (c) => {
-    const id = c.req.param('id');
+  // Note: The :id param comes from parent route mounting (see server.js:469)
+  app.get('/', asyncHandler(async (c) => {
+    // Get parent route's :id param
+    const pathParts = c.req.path.split('/');
+    const relationNameIndex = pathParts.lastIndexOf(relationName);
+    const id = pathParts[relationNameIndex - 1];
     const query = c.req.query();
 
     // Check if source resource exists