tina4-nodejs 3.11.1 → 3.11.4

package/package.json

@@ -3,7 +3,7 @@
 
 
 
-  "version": "3.11.1",
+  "version": "3.11.4",
 
   "type": "module",
   "description": "Tina4 for Node.js/TypeScript — 54 built-in features, zero dependencies",

package/packages/cli/src/commands/serve.ts

@@ -37,48 +37,13 @@ export async function serveProject(options: ServeOptions): Promise<void> {
     staticDir,
   });
 
-  // Watch for file changes.
-  //
-  // Templates and static assets are re-read from disk every request in dev mode,
-  // so we only need to touch the router when a .ts/.js route file actually
-  // changes. Clearing the router on every edit (including templates) leaves a
-  // brief window where the router is empty — any request hitting that window
-  // gets a 404 whose response path bypasses the dev toolbar injection, so the
-  // toolbar appears to "vanish" after a hot reload. Route-file-only clearing
-  // matches the behaviour of Python's DevReload and the fix made in PHP v3.10.87.
-  const noReload = ["true", "1", "yes"].includes((process.env.TINA4_NO_RELOAD ?? "").toLowerCase());
-  const watchDirs = [routesDir, ormDir, modelsDir, templatesDir].filter((d) => existsSync(d));
-  let watcher: { close: () => void } | null = null;
-  if (!noReload) {
-    watcher = watchForChanges(watchDirs, async ({ code }) => {
-      if (!code) {
-        // Template/CSS/JS asset change — nothing to do in the server. The
-        // browser will re-fetch on its own reload cycle and the request will
-        // be served against the existing route set with the toolbar intact.
-        return;
-      }
-      try {
-        // Re-discover routes. discoverRoutes() cache-busts imports via ?t=<timestamp>,
-        // so the new modules are loaded fresh. Build the new list first, then
-        // replace the router's state in one back-to-back block to minimise the
-        // window where the router is empty.
-        const { discoverRoutes } = await import("../../../core/src/index.js");
-        const routes = await discoverRoutes(routesDir);
-        server.router.clear();
-        for (const route of routes) {
-          server.router.addRoute(route);
-        }
-        console.log(`  Reloaded ${routes.length} route(s)`);
-      } catch (err) {
-        console.error("  Error reloading routes:", err);
-      }
-    });
-  }
+  // File watching is handled by the Rust CLI (tina4 serve). The framework
+  // only needs POST /__dev/api/reload to update the mtime counter for browser polling.
+  // No internal file watcher.
 
   // Graceful shutdown
   const shutdown = () => {
     console.log("\n  Shutting down...");
-    watcher?.close();
     server.close();
     process.exit(0);
   };

package/packages/core/src/devAdmin.ts

@@ -437,6 +437,9 @@ export class DevAdmin {
       // Dashboard
       { method: "GET", pattern: "/__dev", handler: handleDashboard },
       { method: "GET", pattern: "/__dev/", handler: handleDashboard },
+      // Reload — called by Rust CLI on file changes
+      { method: "GET", pattern: "/__dev/api/mtime", handler: handleMtime },
+      { method: "POST", pattern: "/__dev/api/reload", handler: handleReload },
       // Status & system
       { method: "GET", pattern: "/__dev/api/status", handler: handleStatus(router) },
       { method: "GET", pattern: "/__dev/api/system", handler: handleSystem },
@@ -526,6 +529,23 @@ const handleDashboard: RouteHandler = (_req, res) => {
   res.raw.end(spa);
 };
 
+// Reload mtime counter — updated by POST /__dev/api/reload from Rust CLI
+let _reloadMtime = 0;
+let _reloadFile = "";
+
+const handleMtime: RouteHandler = async (_req, res) => {
+  res.json({ mtime: _reloadMtime, file: _reloadFile });
+};
+
+const handleReload: RouteHandler = async (req, res) => {
+  _reloadMtime = Math.floor(Date.now() / 1000);
+  const body = req.body as Record<string, unknown> | undefined;
+  _reloadFile = (body?.file as string) || "";
+  const reloadType = (body?.type as string) || "reload";
+  console.log(`  External reload trigger: ${reloadType}${_reloadFile ? ` (${_reloadFile})` : ""}`);
+  res.json({ ok: true, type: reloadType });
+};
+
 function handleStatus(router: Router): RouteHandler {
   return async (_req, res) => {
     const mem = process.memoryUsage();

package/packages/core/src/graphql.ts

@@ -480,8 +480,9 @@ export class GraphQL {
   /**
    * Execute a GraphQL query string.
    */
-  execute(query: string, variables?: Record<string, unknown>): GraphQLResult {
+  execute(query: string, variables?: Record<string, unknown>, context?: Record<string, unknown>): GraphQLResult {
     const vars = variables ?? {};
+    const ctx = context ?? {};
     const errors: Array<{ message: string; path?: string[] }> = [];
 
     let doc: { definitions: ParsedOperation[] };
@@ -511,7 +512,10 @@ export class GraphQL {
     const data: Record<string, unknown> = {};
 
     for (const sel of op.selections) {
-      const [value, errs] = this.resolveField(sel, resolvers, null, vars);
+      // Check directives (@skip, @include, @auth, @role, @guest)
+      if (!this.checkDirectives(sel.directives ?? [], vars, ctx)) continue;
+
+      const [value, errs] = this.resolveField(sel, resolvers, null, vars, ctx);
       errors.push(...errs);
       const key = sel.alias ?? sel.name;
       data[key] = value;
@@ -841,22 +845,36 @@ export class GraphQL {
     resolvers: Map<string, QueryConfig>,
     parent: unknown,
     variables: Record<string, unknown>,
+    context: Record<string, unknown> = {},
   ): [unknown, Array<{ message: string; path?: string[] }>] {
     const errors: Array<{ message: string; path?: string[] }> = [];
     const name = sel.name;
     const args = this.resolveArgs(sel.args, variables);
 
+    // Check directives (@auth, @role, @guest, @skip, @include)
+    if (!this.checkDirectives(sel.directives ?? [], variables, context)) {
+      return [null, errors];
+    }
+
     let value: unknown = undefined;
 
     if (parent !== null && parent !== undefined) {
-      // Resolve from parent object
       if (typeof parent === "object" && parent !== null) {
         value = (parent as Record<string, unknown>)[name];
       }
     } else if (resolvers.has(name)) {
       const config = resolvers.get(name)!;
+
+      // Input validation
+      const validationErrors = this.validateArgs(args, config.args ?? {}, name);
+      if (validationErrors.length > 0) {
+        return [null, validationErrors];
+      }
+
+      // Inject sub-selections into context for DataLoader/eager-loading
+      const ctx = { ...context, __selections: sel.selections ?? [] };
       try {
-        value = config.resolver(null, args, {});
+        value = config.resolver(null, args, ctx);
       } catch (e: unknown) {
         const message = e instanceof Error ? e.message : String(e);
         errors.push({ message, path: [name] });
@@ -864,45 +882,30 @@ export class GraphQL {
       }
     }
 
-    // If no sub-selections, return the scalar value
     if (!sel.selections || sel.selections.length === 0) {
       return [value, errors];
     }
 
-    // Handle list types
     if (Array.isArray(value)) {
       const result: Record<string, unknown>[] = [];
       for (const item of value) {
         const obj: Record<string, unknown> = {};
         for (const subSel of sel.selections) {
-          const [subVal, subErrs] = this.resolveField(
-            subSel,
-            new Map(),
-            item,
-            variables,
-          );
+          const [subVal, subErrs] = this.resolveField(subSel, new Map(), item, variables, context);
           errors.push(...subErrs);
-          const key = subSel.alias ?? subSel.name;
-          obj[key] = subVal;
+          obj[subSel.alias ?? subSel.name] = subVal;
         }
         result.push(obj);
       }
       return [result, errors];
     }
 
-    // Handle object types
     if (value !== null && value !== undefined) {
       const obj: Record<string, unknown> = {};
       for (const subSel of sel.selections) {
-        const [subVal, subErrs] = this.resolveField(
-          subSel,
-          new Map(),
-          value,
-          variables,
-        );
+        const [subVal, subErrs] = this.resolveField(subSel, new Map(), value, variables, context);
         errors.push(...subErrs);
-        const key = subSel.alias ?? subSel.name;
-        obj[key] = subVal;
+        obj[subSel.alias ?? subSel.name] = subVal;
       }
       return [obj, errors];
     }
@@ -931,6 +934,120 @@ export class GraphQL {
     }
     return resolved;
   }
+
+  /**
+   * Check directives: @skip, @include, @auth, @role, @guest.
+   * Returns true if the field should be included, false to skip.
+   */
+  private checkDirectives(
+    directives: Array<{ name: string; args: Record<string, unknown> }>,
+    variables: Record<string, unknown>,
+    context: Record<string, unknown> = {},
+  ): boolean {
+    for (const d of directives) {
+      let val = d.args?.if;
+      if (typeof val === "object" && val !== null && "$var" in val) {
+        val = variables[(val as { $var: string }).$var];
+      }
+
+      if (d.name === "skip" && val) return false;
+      if (d.name === "include" && !val) return false;
+
+      // Auth: @auth — requires any authenticated user
+      if (d.name === "auth" && !context.user) return false;
+
+      // Auth: @role(role: "admin") — requires specific role
+      if (d.name === "role") {
+        const required = d.args?.role;
+        const user = context.user as Record<string, unknown> | undefined;
+        const actual = user?.role ?? context.role;
+        if (!required || actual !== required) return false;
+      }
+
+      // Auth: @guest — only for unauthenticated
+      if (d.name === "guest" && context.user) return false;
+    }
+    return true;
+  }
+
+  /**
+   * Validate resolved args against declared types.
+   */
+  private validateArgs(
+    args: Record<string, unknown>,
+    argConfigs: Record<string, string>,
+    fieldName: string,
+  ): Array<{ message: string; path?: string[] }> {
+    const errors: Array<{ message: string; path?: string[] }> = [];
+
+    for (const [argName, declaredType] of Object.entries(argConfigs)) {
+      const parsed = GraphQLType.parse(declaredType);
+      const value = args[argName];
+      const isNonNull = parsed.kind === "non_null";
+      const innerType = isNonNull ? parsed.ofType! : parsed;
+      const baseName = innerType.kind === "list" ? "list" : innerType.name;
+
+      if (isNonNull && (value === null || value === undefined || value === "")) {
+        errors.push({
+          message: `Argument '${argName}' on field '${fieldName}' is required (type: ${declaredType})`,
+          path: [fieldName],
+        });
+        continue;
+      }
+
+      if (value === null || value === undefined) continue;
+
+      if (baseName === "list" && Array.isArray(value)) {
+        const itemType = innerType.ofType;
+        if (itemType) {
+          const itemName = itemType.kind === "non_null" ? (itemType.ofType?.name ?? "String") : itemType.name;
+          for (let i = 0; i < value.length; i++) {
+            if (!this.coerceValue(value[i], itemName)) {
+              errors.push({
+                message: `Argument '${argName}[${i}]' on field '${fieldName}' expected ${itemName}, got ${typeof value[i]}`,
+                path: [fieldName],
+              });
+            }
+          }
+        }
+        continue;
+      }
+
+      if (GraphQLType.SCALARS.includes(baseName)) {
+        if (!this.coerceValue(value, baseName)) {
+          errors.push({
+            message: `Argument '${argName}' on field '${fieldName}' expected type ${baseName}, got ${typeof value}`,
+            path: [fieldName],
+          });
+        }
+      }
+    }
+
+    return errors;
+  }
+
+  private coerceValue(value: unknown, typeName: string): boolean {
+    if (typeName === "String" || typeName === "ID") {
+      return typeof value === "string" || typeof value === "number";
+    }
+    if (typeName === "Int") {
+      if (typeof value === "boolean") return false;
+      if (typeof value === "number") return Number.isInteger(value);
+      if (typeof value === "string") return /^-?\d+$/.test(value);
+      return false;
+    }
+    if (typeName === "Float") {
+      if (typeof value === "boolean") return false;
+      if (typeof value === "number") return true;
+      if (typeof value === "string") return !isNaN(parseFloat(value));
+      return false;
+    }
+    if (typeName === "Boolean") {
+      return typeof value === "boolean" || value === 0 || value === 1
+        || value === "true" || value === "false";
+    }
+    return true;
+  }
 }
 
 /**