npm - tina4-nodejs - Versions diffs - 3.2.1 → 3.4.0 - Mend

tina4-nodejs 3.2.1 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/CLAUDE.md +1 -1
package/README.md +1 -1
package/package.json +1 -1
package/packages/cli/src/bin.ts +13 -1
package/packages/cli/src/commands/migrate.ts +19 -5
package/packages/cli/src/commands/migrateCreate.ts +29 -28
package/packages/cli/src/commands/migrateRollback.ts +59 -0
package/packages/cli/src/commands/migrateStatus.ts +62 -0
package/packages/core/public/js/tina4-dev-admin.min.js +1 -1
package/packages/core/src/auth.ts +44 -10
package/packages/core/src/devAdmin.ts +14 -16
package/packages/core/src/index.ts +9 -2
package/packages/core/src/queue.ts +127 -25
package/packages/core/src/queueBackends/mongoBackend.ts +223 -0
package/packages/core/src/request.ts +3 -3
package/packages/core/src/router.ts +90 -51
package/packages/core/src/server.ts +47 -3
package/packages/core/src/session.ts +17 -1
package/packages/core/src/sessionHandlers/databaseHandler.ts +134 -0
package/packages/core/src/sessionHandlers/redisHandler.ts +230 -0
package/packages/core/src/types.ts +12 -6
package/packages/core/src/websocket.ts +11 -2
package/packages/core/src/websocketConnection.ts +4 -2
package/packages/frond/src/engine.ts +66 -1
package/packages/orm/src/autoCrud.ts +17 -12
package/packages/orm/src/baseModel.ts +99 -21
package/packages/orm/src/database.ts +197 -69
package/packages/orm/src/databaseResult.ts +207 -0
package/packages/orm/src/index.ts +6 -3
package/packages/orm/src/migration.ts +296 -71
package/packages/orm/src/model.ts +1 -0
package/packages/orm/src/types.ts +1 -0

package/packages/core/src/sessionHandlers/redisHandler.ts ADDED Viewed

@@ -0,0 +1,230 @@
+/**
+ * Tina4 Redis Session Handler — Redis via `redis` npm package (optional dependency).
+ *
+ * Provides a session handler backed by the official `redis` npm package,
+ * complementing the built-in raw-TCP RedisSessionHandler in session.ts.
+ *
+ * This handler uses synchronous child-process execution (same pattern as
+ * valkeyHandler.ts) so it fits the synchronous SessionHandler interface
+ * without requiring async refactoring.
+ *
+ * Configure via environment variables:
+ *   TINA4_SESSION_REDIS_HOST     (default: "127.0.0.1")
+ *   TINA4_SESSION_REDIS_PORT     (default: 6379)
+ *   TINA4_SESSION_REDIS_URL      (optional — full redis:// URL, overrides host/port)
+ *   TINA4_SESSION_REDIS_PASSWORD  (optional)
+ *   TINA4_SESSION_REDIS_PREFIX   (default: "tina4:session:")
+ *   TINA4_SESSION_REDIS_DB       (default: 0)
+ */
+import { execFileSync } from "node:child_process";
+import type { SessionHandler } from "../session.js";
+interface SessionData {
+  _created: number;
+  _accessed: number;
+  [key: string]: unknown;
+}
+export interface RedisNpmSessionConfig {
+  host?: string;
+  port?: number;
+  url?: string;
+  password?: string;
+  prefix?: string;
+  db?: number;
+}
+/**
+ * Redis session handler using the `redis` npm package.
+ *
+ * Falls back to raw TCP (RESP protocol) if the `redis` package is not
+ * installed, matching the approach used by the Valkey handler.
+ *
+ * Stores session data as JSON strings with Redis TTL for automatic expiry.
+ */
+export class RedisNpmSessionHandler implements SessionHandler {
+  private host: string;
+  private port: number;
+  private url: string;
+  private password: string;
+  private prefix: string;
+  private db: number;
+  constructor(config?: RedisNpmSessionConfig) {
+    this.url = config?.url
+      ?? process.env.TINA4_SESSION_REDIS_URL
+      ?? "";
+    this.host = config?.host
+      ?? process.env.TINA4_SESSION_REDIS_HOST
+      ?? "127.0.0.1";
+    this.port = config?.port
+      ?? (process.env.TINA4_SESSION_REDIS_PORT
+        ? parseInt(process.env.TINA4_SESSION_REDIS_PORT, 10)
+        : 6379);
+    this.password = config?.password
+      ?? process.env.TINA4_SESSION_REDIS_PASSWORD
+      ?? "";
+    this.prefix = config?.prefix
+      ?? process.env.TINA4_SESSION_REDIS_PREFIX
+      ?? "tina4:session:";
+    this.db = config?.db
+      ?? (process.env.TINA4_SESSION_REDIS_DB
+        ? parseInt(process.env.TINA4_SESSION_REDIS_DB, 10)
+        : 0);
+  }
+  /**
+   * Execute a Redis command synchronously via a short-lived child process.
+   *
+   * Attempts to use the `redis` npm package first. If unavailable, falls
+   * back to raw TCP (RESP protocol) — same as valkeyHandler.ts.
+   */
+  private execSync(args: string[]): string {
+    const script = `
+      const net = require("node:net");
+      const host = ${JSON.stringify(this.url || this.host)};
+      const port = ${this.port};
+      const password = ${JSON.stringify(this.password)};
+      const db = ${this.db};
+      const useUrl = ${JSON.stringify(!!this.url)};
+      const url = ${JSON.stringify(this.url)};
+      const args = ${JSON.stringify(args)};
+      // Try the redis npm package first
+      let redisAvailable = false;
+      try {
+        require.resolve("redis");
+        redisAvailable = true;
+      } catch {}
+      if (redisAvailable) {
+        const redis = require("redis");
+        (async () => {
+          try {
+            const clientOpts = useUrl
+              ? { url }
+              : { socket: { host, port }, password: password || undefined, database: db };
+            const client = redis.createClient(clientOpts);
+            client.on("error", () => {});
+            await client.connect();
+            const cmd = args[0].toUpperCase();
+            let result;
+            if (cmd === "GET") {
+              result = await client.get(args[1]);
+            } else if (cmd === "SET") {
+              result = await client.set(args[1], args[2]);
+            } else if (cmd === "SETEX") {
+              result = await client.setEx(args[1], parseInt(args[2], 10), args[3]);
+            } else if (cmd === "DEL") {
+              result = await client.del(args[1]);
+            }
+            await client.quit();
+            if (result === null || result === undefined) {
+              process.stdout.write("__NULL__");
+            } else {
+              process.stdout.write(String(result));
+            }
+          } catch (err) {
+            process.stderr.write(err.message);
+            process.exit(1);
+          }
+        })();
+      } else {
+        // Fallback: raw TCP RESP protocol (no redis package needed)
+        const actualHost = useUrl ? (() => {
+          try { const u = new URL(url); return u.hostname || "127.0.0.1"; } catch { return "127.0.0.1"; }
+        })() : host;
+        const actualPort = useUrl ? (() => {
+          try { const u = new URL(url); return parseInt(u.port, 10) || 6379; } catch { return 6379; }
+        })() : port;
+        function buildCommand(a) {
+          let cmd = "*" + a.length + "\\r\\n";
+          for (const s of a) cmd += "$" + Buffer.byteLength(s) + "\\r\\n" + s + "\\r\\n";
+          return cmd;
+        }
+        const sock = net.createConnection({ host: actualHost, port: actualPort }, () => {
+          let commands = "";
+          if (password) commands += buildCommand(["AUTH", password]);
+          if (db !== 0) commands += buildCommand(["SELECT", String(db)]);
+          commands += buildCommand(args);
+          sock.write(commands);
+        });
+        let buffer = Buffer.alloc(0);
+        sock.on("data", (chunk) => {
+          buffer = Buffer.concat([buffer, chunk]);
+        });
+        sock.on("end", () => {
+          const lines = buffer.toString("utf-8").split("\\r\\n");
+          let responses = [];
+          let i = 0;
+          while (i < lines.length) {
+            const line = lines[i];
+            if (!line) { i++; continue; }
+            if (line.startsWith("+") || line.startsWith("-") || line.startsWith(":")) {
+              responses.push(line);
+              i++;
+            } else if (line.startsWith("$")) {
+              const len = parseInt(line.slice(1), 10);
+              if (len === -1) { responses.push(null); i++; }
+              else { responses.push(lines[i+1] || ""); i += 2; }
+            } else { i++; }
+          }
+          const result = responses[responses.length - 1];
+          if (result === null) process.stdout.write("__NULL__");
+          else if (typeof result === "string" && result.startsWith("-")) process.stdout.write("__ERR__" + result);
+          else process.stdout.write(String(result ?? "__NULL__"));
+        });
+        sock.on("error", (err) => {
+          process.stderr.write(err.message);
+          process.exit(1);
+        });
+        setTimeout(() => { sock.destroy(); process.exit(1); }, 3000);
+      }
+    `;
+    try {
+      const result = execFileSync(process.execPath, ["-e", script], {
+        encoding: "utf-8",
+        timeout: 5000,
+        stdio: ["pipe", "pipe", "pipe"],
+      });
+      if (result === "__NULL__") return "";
+      if (result.startsWith("__ERR__")) return "";
+      return result;
+    } catch {
+      return "";
+    }
+  }
+  private key(sessionId: string): string {
+    return `${this.prefix}${sessionId}`;
+  }
+  read(sessionId: string): SessionData | null {
+    const raw = this.execSync(["GET", this.key(sessionId)]);
+    if (!raw) return null;
+    try {
+      return JSON.parse(raw) as SessionData;
+    } catch {
+      return null;
+    }
+  }
+  write(sessionId: string, data: SessionData, ttl: number): void {
+    const json = JSON.stringify(data);
+    if (ttl > 0) {
+      this.execSync(["SETEX", this.key(sessionId), String(ttl), json]);
+    } else {
+      this.execSync(["SET", this.key(sessionId), json]);
+    }
+  }
+  destroy(sessionId: string): void {
+    this.execSync(["DEL", this.key(sessionId)]);
+  }
+}

package/packages/core/src/types.ts CHANGED Viewed

@@ -3,8 +3,8 @@ import type { IncomingMessage, ServerResponse } from "node:http";
 export interface UploadedFile {
   fieldName: string;
   filename: string;
-  contentType: string;
-  data: Buffer;
+  type: string;
+  content: Buffer;
   size: number;
 }
@@ -69,6 +69,10 @@ export interface RouteDefinition {
   middlewares?: Middleware[];
   /** Template file to render when handler returns a plain object */
   template?: string;
+  /** Whether this route requires bearer-token authentication */
+  secure?: boolean;
+  /** Whether this route's response should be cached */
+  cached?: boolean;
 }
 export interface RouteMeta {
@@ -103,12 +107,14 @@ export type Middleware = (
 /**
  * Handler for WebSocket routes.
- * conn — a connection-like object with send/close methods.
- * message — the incoming text or binary message.
+ * connection — object with send/broadcast/close methods and route params.
+ * event — one of "open", "message", or "close".
+ * data — the incoming text message (only present for "message" events).
  */
 export type WebSocketRouteHandler = (
-  conn: { id: string; send: (data: string) => void; close: () => void },
-  message: string | Buffer,
+  connection: import("./websocketConnection.js").WebSocketConnection,
+  event: "open" | "message" | "close",
+  data: string,
 ) => void | Promise<void>;
 export interface WebSocketRouteDefinition {

package/packages/core/src/websocket.ts CHANGED Viewed

@@ -52,6 +52,8 @@ export interface WebSocketClient {
   ip: string;
   connectedAt: number;
   closed: boolean;
+  /** The URL path this client connected on (e.g. "/chat", "/notifications"). */
+  path: string;
 }
 type EventHandler = (...args: unknown[]) => void;
@@ -185,14 +187,20 @@ export class WebSocketServer {
   /**
    * Broadcast a message to all connected clients.
+   *
+   * When `path` is provided, only clients connected on that specific path
+   * receive the message (matching PHP's WebSocket::broadcast behaviour).
+   * When `path` is omitted/undefined, all clients receive the message
+   * (backward compatible).
    */
-  broadcast(message: string, excludeIds?: string[]): void {
+  broadcast(message: string, excludeIds?: string[], path?: string): void {
     const frame = buildFrame(OP_TEXT, Buffer.from(message, "utf-8"));
     const exclude = new Set(excludeIds ?? []);
     for (const [id, client] of this.clients) {
       if (exclude.has(id)) continue;
       if (client.closed) continue;
+      if (path !== undefined && client.path !== path) continue;
       try {
         client.socket.write(frame);
       } catch {
@@ -310,7 +318,7 @@ export class WebSocketServer {
     socket.write(response);
-    // Create client
+    // Create client — track the URL path for path-scoped broadcast
     const clientId = randomUUID().slice(0, 8);
     const client: WebSocketClient = {
       id: clientId,
@@ -318,6 +326,7 @@ export class WebSocketServer {
       ip: (socket.remoteAddress ?? "unknown"),
       connectedAt: Date.now(),
       closed: false,
+      path: req.url ?? "/",
     };
     this.clients.set(clientId, client);

package/packages/core/src/websocketConnection.ts CHANGED Viewed

@@ -5,12 +5,14 @@
 export interface WebSocketConnection {
   /** Unique connection identifier */
   id: string;
-  /** Send a message to this connection */
+  /** Send a message to this connection only */
   send(message: string): void;
-  /** Broadcast a message to all other connections on the same path */
+  /** Broadcast a message to all connections on the same path (path-scoped) */
   broadcast(message: string): void;
   /** Close this connection */
   close(): void;
   /** The WebSocket route path this connection is on */
   path: string;
+  /** Route parameters extracted from `{param}` segments in the path */
+  params: Record<string, string>;
 }

package/packages/frond/src/engine.ts CHANGED Viewed

@@ -757,8 +757,16 @@ const BUILTIN_FILTERS: Record<string, FilterFn> = {
   slug: (v) => String(v).toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, ""),
   md5: (v) => createHash("md5").update(String(v)).digest("hex"),
   sha256: (v) => createHash("sha256").update(String(v)).digest("hex"),
-  base64_encode: (v) => Buffer.from(String(v)).toString("base64"),
+  base64_encode: (v) => Buffer.isBuffer(v) ? v.toString("base64") : Buffer.from(String(v)).toString("base64"),
   base64_decode: (v) => Buffer.from(String(v), "base64").toString("utf-8"),
+  data_uri: (v) => {
+    if (v && typeof v === "object" && "content" in v) {
+      const ct = (v as any).type ?? "application/octet-stream";
+      const raw = Buffer.isBuffer((v as any).content) ? (v as any).content : Buffer.from(String((v as any).content));
+      return `data:${ct};base64,${raw.toString("base64")}`;
+    }
+    return String(v);
+  },
   url_encode: (v) => encodeURIComponent(String(v)),
   format: (v, ...args) => {
     let s = String(v);
@@ -1155,6 +1163,63 @@ export class Frond {
   }
   private evalVar(expr: string, context: Record<string, unknown>): unknown {
+    // Check for top-level ternary BEFORE splitting filters so that
+    // expressions like ``products|length != 1 ? "s" : ""`` work correctly.
+    const ternaryIdx = findTernary(expr);
+    if (ternaryIdx !== -1) {
+      const condPart = expr.slice(0, ternaryIdx).trim();
+      const rest = expr.slice(ternaryIdx + 1);
+      const colonIdx = findColon(rest);
+      if (colonIdx !== -1) {
+        const truePart = rest.slice(0, colonIdx).trim();
+        const falsePart = rest.slice(colonIdx + 1).trim();
+        const cond = this.evalVarRaw(condPart, context);
+        return cond ? this.evalVar(truePart, context) : this.evalVar(falsePart, context);
+      }
+    }
+    return this.evalVarInner(expr, context);
+  }
+  private evalVarRaw(expr: string, context: Record<string, unknown>): unknown {
+    const [varName, filters] = parseFilterChain(expr);
+    let value = evalExpr(varName, context);
+    for (const [fname, args] of filters) {
+      if (fname === "raw" || fname === "safe") continue;
+      const fn = this.filters[fname];
+      if (fn) {
+        value = fn(value, ...args);
+      } else {
+        // The filter name may include a trailing comparison operator,
+        // e.g. "length != 1".  Extract the real filter name and the
+        // comparison suffix, apply the filter, then evaluate the comparison.
+        const m = fname.match(/^(\w+)\s*(!=|==|>=|<=|>|<)\s*(.+)$/);
+        if (m) {
+          const realFilter = m[1];
+          const op = m[2];
+          const rightExpr = m[3].trim();
+          const fn2 = this.filters[realFilter];
+          if (fn2) {
+            value = fn2(value, ...args);
+          }
+          const right = evalExpr(rightExpr, context);
+          switch (op) {
+            case "!=": value = value !== right; break;
+            case "==": value = value === right; break;
+            case ">=": value = (value as number) >= (right as number); break;
+            case "<=": value = (value as number) <= (right as number); break;
+            case ">":  value = (value as number) > (right as number); break;
+            case "<":  value = (value as number) < (right as number); break;
+          }
+        } else {
+          value = evalExpr(fname, context);
+        }
+      }
+    }
+    return value;
+  }
+  private evalVarInner(expr: string, context: Record<string, unknown>): unknown {
     const [varName, filters] = parseFilterChain(expr);
     // Sandbox: check variable access

package/packages/orm/src/autoCrud.ts CHANGED Viewed

@@ -8,11 +8,16 @@ export function generateCrudRoutes(models: DiscoveredModel[]): RouteDefinition[]
   const routes: RouteDefinition[] = [];
   for (const { definition } of models) {
-    const { tableName, fields, softDelete, tableFilter } = definition;
+    const { tableName, fields, softDelete, tableFilter, fieldMapping } = definition;
     const basePath = `/api/${tableName}`;
+    const mapping = fieldMapping ?? {};
-    // Find primary key field
+    // Helper to get DB column name for a JS property name
+    const getDbCol = (prop: string): string => mapping[prop] ?? prop;
+    // Find primary key field (JS property name) and its DB column name
     const pkField = Object.entries(fields).find(([, def]) => def.primaryKey)?.[0] ?? "id";
+    const pkColumn = getDbCol(pkField);
     // Build extra WHERE conditions for soft delete and table filter
     const extraConditions: string[] = [];
@@ -65,7 +70,7 @@ export function generateCrudRoutes(models: DiscoveredModel[]): RouteDefinition[]
       },
       handler: async (req: Tina4Request, res: Tina4Response) => {
         const adapter = getAdapter();
-        const conditions = [`"${pkField}" = ?`, ...extraConditions];
+        const conditions = [`"${pkColumn}" = ?`, ...extraConditions];
         const items = adapter.query(
           `SELECT * FROM "${tableName}" WHERE ${conditions.join(" AND ")}`,
           [req.params.id],
@@ -112,7 +117,7 @@ export function generateCrudRoutes(models: DiscoveredModel[]): RouteDefinition[]
           insertFields.push(["is_deleted", 0]);
         }
-        const columns = insertFields.map(([k]) => `"${k}"`).join(", ");
+        const columns = insertFields.map(([k]) => `"${getDbCol(k)}"`).join(", ");
         const placeholders = insertFields.map(() => "?").join(", ");
         const values = insertFields.map(([, v]) => v);
@@ -123,7 +128,7 @@ export function generateCrudRoutes(models: DiscoveredModel[]): RouteDefinition[]
         const id = result.lastInsertRowid;
         const created = adapter.query(
-          `SELECT * FROM "${tableName}" WHERE "${pkField}" = ?`,
+          `SELECT * FROM "${tableName}" WHERE "${pkColumn}" = ?`,
           [id],
         );
@@ -155,7 +160,7 @@ export function generateCrudRoutes(models: DiscoveredModel[]): RouteDefinition[]
         const adapter = getAdapter();
         // Check exists (respect soft delete)
-        const conditions = [`"${pkField}" = ?`, ...extraConditions];
+        const conditions = [`"${pkColumn}" = ?`, ...extraConditions];
         const existing = adapter.query(
           `SELECT * FROM "${tableName}" WHERE ${conditions.join(" AND ")}`,
           [req.params.id],
@@ -172,16 +177,16 @@ export function generateCrudRoutes(models: DiscoveredModel[]): RouteDefinition[]
           return;
         }
-        const setClause = updateFields.map(([k]) => `"${k}" = ?`).join(", ");
+        const setClause = updateFields.map(([k]) => `"${getDbCol(k)}" = ?`).join(", ");
         const values = [...updateFields.map(([, v]) => v), req.params.id];
         adapter.execute(
-          `UPDATE "${tableName}" SET ${setClause} WHERE "${pkField}" = ?`,
+          `UPDATE "${tableName}" SET ${setClause} WHERE "${pkColumn}" = ?`,
           values,
         );
         const updated = adapter.query(
-          `SELECT * FROM "${tableName}" WHERE "${pkField}" = ?`,
+          `SELECT * FROM "${tableName}" WHERE "${pkColumn}" = ?`,
           [req.params.id],
         );
@@ -200,7 +205,7 @@ export function generateCrudRoutes(models: DiscoveredModel[]): RouteDefinition[]
       handler: async (req: Tina4Request, res: Tina4Response) => {
         const adapter = getAdapter();
-        const conditions = [`"${pkField}" = ?`, ...extraConditions];
+        const conditions = [`"${pkColumn}" = ?`, ...extraConditions];
         const existing = adapter.query(
           `SELECT * FROM "${tableName}" WHERE ${conditions.join(" AND ")}`,
           [req.params.id],
@@ -212,13 +217,13 @@ export function generateCrudRoutes(models: DiscoveredModel[]): RouteDefinition[]
         if (softDelete) {
           adapter.execute(
-            `UPDATE "${tableName}" SET is_deleted = 1 WHERE "${pkField}" = ?`,
+            `UPDATE "${tableName}" SET is_deleted = 1 WHERE "${pkColumn}" = ?`,
             [req.params.id],
           );
           res.json({ message: "Deleted (soft)", data: existing[0] });
         } else {
           adapter.execute(
-            `DELETE FROM "${tableName}" WHERE "${pkField}" = ?`,
+            `DELETE FROM "${tableName}" WHERE "${pkColumn}" = ?`,
             [req.params.id],
           );
           res.json({ message: "Deleted", data: existing[0] });