npm - wabe - Versions diffs - 0.6.9 → 0.6.10 - Mend

wabe 0.6.9 → 0.6.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (158) hide show

package/README.md +138 -32
package/bucket/b.txt +1 -0
package/dev/index.ts +215 -0
package/dist/authentication/Session.d.ts +4 -1
package/dist/authentication/interface.d.ts +16 -0
package/dist/email/interface.d.ts +1 -1
package/dist/graphql/resolvers.d.ts +4 -2
package/dist/hooks/index.d.ts +1 -0
package/dist/index.d.ts +0 -1
package/dist/index.js +8713 -8867
package/dist/server/index.d.ts +4 -2
package/dist/utils/crypto.d.ts +7 -0
package/dist/utils/helper.d.ts +4 -1
package/generated/schema.graphql +16 -14
package/generated/wabe.ts +4 -4
package/package.json +15 -15
package/src/authentication/OTP.test.ts +69 -0
package/src/authentication/OTP.ts +66 -0
package/src/authentication/Session.test.ts +665 -0
package/src/authentication/Session.ts +529 -0
package/src/authentication/defaultAuthentication.ts +214 -0
package/src/authentication/index.ts +3 -0
package/src/authentication/interface.ts +157 -0
package/src/authentication/oauth/GitHub.test.ts +105 -0
package/src/authentication/oauth/GitHub.ts +133 -0
package/src/authentication/oauth/Google.test.ts +105 -0
package/src/authentication/oauth/Google.ts +110 -0
package/src/authentication/oauth/Oauth2Client.test.ts +225 -0
package/src/authentication/oauth/Oauth2Client.ts +140 -0
package/src/authentication/oauth/index.ts +2 -0
package/src/authentication/oauth/utils.test.ts +35 -0
package/src/authentication/oauth/utils.ts +28 -0
package/src/authentication/providers/EmailOTP.test.ts +138 -0
package/src/authentication/providers/EmailOTP.ts +93 -0
package/src/authentication/providers/EmailPassword.test.ts +187 -0
package/src/authentication/providers/EmailPassword.ts +130 -0
package/src/authentication/providers/EmailPasswordSRP.test.ts +206 -0
package/src/authentication/providers/EmailPasswordSRP.ts +184 -0
package/src/authentication/providers/GitHub.ts +30 -0
package/src/authentication/providers/Google.ts +30 -0
package/src/authentication/providers/OAuth.test.ts +185 -0
package/src/authentication/providers/OAuth.ts +112 -0
package/src/authentication/providers/PhonePassword.test.ts +187 -0
package/src/authentication/providers/PhonePassword.ts +129 -0
package/src/authentication/providers/QRCodeOTP.test.ts +79 -0
package/src/authentication/providers/QRCodeOTP.ts +65 -0
package/src/authentication/providers/index.ts +6 -0
package/src/authentication/resolvers/refreshResolver.test.ts +37 -0
package/src/authentication/resolvers/refreshResolver.ts +20 -0
package/src/authentication/resolvers/signInWithResolver.inte.test.ts +59 -0
package/src/authentication/resolvers/signInWithResolver.test.ts +307 -0
package/src/authentication/resolvers/signInWithResolver.ts +102 -0
package/src/authentication/resolvers/signOutResolver.test.ts +41 -0
package/src/authentication/resolvers/signOutResolver.ts +22 -0
package/src/authentication/resolvers/signUpWithResolver.test.ts +186 -0
package/src/authentication/resolvers/signUpWithResolver.ts +69 -0
package/src/authentication/resolvers/verifyChallenge.test.ts +136 -0
package/src/authentication/resolvers/verifyChallenge.ts +69 -0
package/src/authentication/roles.test.ts +59 -0
package/src/authentication/roles.ts +40 -0
package/src/authentication/utils.test.ts +99 -0
package/src/authentication/utils.ts +43 -0
package/src/cache/InMemoryCache.test.ts +62 -0
package/src/cache/InMemoryCache.ts +45 -0
package/src/cron/index.test.ts +17 -0
package/src/cron/index.ts +46 -0
package/src/database/DatabaseController.test.ts +625 -0
package/src/database/DatabaseController.ts +983 -0
package/src/database/index.test.ts +1230 -0
package/src/database/index.ts +9 -0
package/src/database/interface.ts +312 -0
package/src/email/DevAdapter.ts +8 -0
package/src/email/EmailController.test.ts +29 -0
package/src/email/EmailController.ts +13 -0
package/src/email/index.ts +2 -0
package/src/email/interface.ts +36 -0
package/src/email/templates/sendOtpCode.ts +120 -0
package/src/file/FileController.ts +28 -0
package/src/file/FileDevAdapter.ts +54 -0
package/src/file/hookDeleteFile.ts +27 -0
package/src/file/hookReadFile.ts +70 -0
package/src/file/hookUploadFile.ts +53 -0
package/src/file/index.test.ts +979 -0
package/src/file/index.ts +2 -0
package/src/file/interface.ts +42 -0
package/src/graphql/GraphQLSchema.test.ts +4399 -0
package/src/graphql/GraphQLSchema.ts +928 -0
package/src/graphql/index.ts +2 -0
package/src/graphql/parseGraphqlSchema.ts +94 -0
package/src/graphql/parser.test.ts +217 -0
package/src/graphql/parser.ts +566 -0
package/src/graphql/pointerAndRelationFunction.ts +200 -0
package/src/graphql/resolvers.ts +467 -0
package/src/graphql/tests/aggregation.test.ts +1123 -0
package/src/graphql/tests/e2e.test.ts +596 -0
package/src/graphql/tests/scalars.test.ts +250 -0
package/src/graphql/types.ts +219 -0
package/src/hooks/HookObject.test.ts +122 -0
package/src/hooks/HookObject.ts +168 -0
package/src/hooks/authentication.ts +76 -0
package/src/hooks/createUser.test.ts +77 -0
package/src/hooks/createUser.ts +10 -0
package/src/hooks/defaultFields.test.ts +187 -0
package/src/hooks/defaultFields.ts +40 -0
package/src/hooks/deleteSession.test.ts +181 -0
package/src/hooks/deleteSession.ts +20 -0
package/src/hooks/hashFieldHook.test.ts +163 -0
package/src/hooks/hashFieldHook.ts +97 -0
package/src/hooks/index.test.ts +207 -0
package/src/hooks/index.ts +430 -0
package/src/hooks/permissions.test.ts +424 -0
package/src/hooks/permissions.ts +113 -0
package/src/hooks/protected.test.ts +551 -0
package/src/hooks/protected.ts +72 -0
package/src/hooks/searchableFields.test.ts +166 -0
package/src/hooks/searchableFields.ts +98 -0
package/src/hooks/session.test.ts +138 -0
package/src/hooks/session.ts +78 -0
package/src/hooks/setEmail.test.ts +216 -0
package/src/hooks/setEmail.ts +35 -0
package/src/hooks/setupAcl.test.ts +589 -0
package/src/hooks/setupAcl.ts +29 -0
package/src/index.ts +9 -0
package/src/schema/Schema.test.ts +484 -0
package/src/schema/Schema.ts +795 -0
package/src/schema/defaultResolvers.ts +94 -0
package/src/schema/index.ts +1 -0
package/src/schema/resolvers/meResolver.test.ts +62 -0
package/src/schema/resolvers/meResolver.ts +14 -0
package/src/schema/resolvers/newFile.ts +0 -0
package/src/schema/resolvers/resetPassword.test.ts +345 -0
package/src/schema/resolvers/resetPassword.ts +64 -0
package/src/schema/resolvers/sendEmail.test.ts +118 -0
package/src/schema/resolvers/sendEmail.ts +21 -0
package/src/schema/resolvers/sendOtpCode.test.ts +153 -0
package/src/schema/resolvers/sendOtpCode.ts +52 -0
package/src/security.test.ts +3461 -0
package/src/server/defaultSessionHandler.test.ts +66 -0
package/src/server/defaultSessionHandler.ts +115 -0
package/src/server/generateCodegen.ts +476 -0
package/src/server/index.test.ts +552 -0
package/src/server/index.ts +354 -0
package/src/server/interface.ts +11 -0
package/src/server/routes/authHandler.ts +187 -0
package/src/server/routes/index.ts +40 -0
package/src/utils/crypto.test.ts +41 -0
package/src/utils/crypto.ts +121 -0
package/src/utils/export.ts +13 -0
package/src/utils/helper.ts +195 -0
package/src/utils/index.test.ts +11 -0
package/src/utils/index.ts +201 -0
package/src/utils/preload.ts +8 -0
package/src/utils/testHelper.ts +117 -0
package/tsconfig.json +32 -0
package/bunfig.toml +0 -4
package/dist/ai/index.d.ts +0 -1
package/dist/ai/interface.d.ts +0 -9
/package/dist/server/{defaultHandlers.d.ts → defaultSessionHandler.d.ts} +0 -0

package/src/hooks/protected.test.ts ADDED Viewed

@@ -0,0 +1,551 @@
+import { describe, expect, it, beforeAll, afterAll } from 'bun:test'
+import {
+	createUserAndUpdateRole,
+	type DevWabeTypes,
+	getAnonymousClient,
+	getGraphqlClient,
+} from '../utils/helper'
+import { setupTests, closeTests } from '../utils/testHelper'
+import type { Wabe } from '../server'
+import { RoleEnum } from '../../generated/wabe'
+import { gql, type GraphQLClient } from 'graphql-request'
+describe('Protected hook', () => {
+	let wabe: Wabe<DevWabeTypes>
+	let anonymousClient: GraphQLClient
+	let rootClient: GraphQLClient
+	beforeAll(async () => {
+		const setup = await setupTests([
+			{
+				name: 'Test',
+				fields: {
+					name: {
+						type: 'String',
+						protected: {
+							authorizedRoles: [RoleEnum.Client],
+							protectedOperations: ['update', 'read'],
+						},
+					},
+					noOne: {
+						type: 'String',
+						protected: {
+							authorizedRoles: [],
+							protectedOperations: ['update', 'read'],
+						},
+					},
+					rootOnly: {
+						type: 'String',
+						protected: {
+							authorizedRoles: ['rootOnly'],
+							protectedOperations: ['update', 'read'],
+						},
+					},
+					notOperation: {
+						type: 'String',
+						protected: {
+							authorizedRoles: [RoleEnum.Client],
+							protectedOperations: ['update'],
+						},
+					},
+					notOperationUpdate: {
+						type: 'String',
+						protected: {
+							authorizedRoles: [RoleEnum.Client],
+							protectedOperations: ['read'],
+						},
+					},
+				},
+				permissions: {
+					read: {
+						authorizedRoles: ['everyone'],
+						requireAuthentication: true,
+					},
+					create: {
+						authorizedRoles: ['everyone'],
+						requireAuthentication: true,
+					},
+					update: {
+						authorizedRoles: ['everyone'],
+						requireAuthentication: true,
+					},
+				},
+			},
+		])
+		wabe = setup.wabe
+		anonymousClient = getAnonymousClient(setup.port)
+		rootClient = getGraphqlClient(setup.port)
+	})
+	afterAll(async () => {
+		await closeTests(wabe)
+	})
+	it('should not throw an error if the operation in not in the list of protected operations (read)', async () => {
+		const { userClient } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Client,
+			port: wabe.config.port,
+		})
+		const { userClient: userClient2 } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Admin,
+			port: wabe.config.port,
+		})
+		await userClient.request<any>(gql`
+      mutation createTest {
+          createTest(input: {fields: {name: "test"}}) {
+              test {
+                  name
+              }
+          }
+      }
+      `)
+		expect(
+			userClient.request<any>(gql`
+     query tests {
+         tests {
+             edges {
+                 node {
+                     notOperation
+                 }
+             }
+         }
+     }
+     `),
+		).resolves.toEqual(expect.anything())
+		expect(
+			userClient2.request<any>(gql`
+     query tests {
+         tests {
+             edges {
+                 node {
+                     notOperation
+                 }
+             }
+         }
+     }
+     `),
+		).resolves.toEqual(expect.anything())
+	})
+	it('should not throw an error if the operation in not in the list of protected operations (update)', async () => {
+		const { userClient } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Client,
+			port: wabe.config.port,
+		})
+		const { userClient: userClient2 } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Admin,
+			port: wabe.config.port,
+		})
+		const res = await userClient.request<any>(gql`
+      mutation createTest {
+          createTest(input: {fields: {name: "test"}}) {
+              test {
+                  id
+                  name
+              }
+          }
+      }
+      `)
+		expect(
+			userClient.request<any>(gql`
+          mutation updateTest {
+              updateTest(input: {id: "${res.createTest.test.id}", fields: {notOperationUpdate: "test2"}}) {
+                  ok
+             }
+          }
+     `),
+		).resolves.toEqual(expect.anything())
+		expect(
+			userClient2.request<any>(gql`
+          mutation updateTest {
+              updateTest(input: {id: "${res.createTest.test.id}", fields: {notOperationUpdate: "test2"}}) {
+                  ok
+             }
+          }
+     `),
+		).resolves.toEqual(expect.anything())
+	})
+	it("should throw an error if the user doesn't have the right role on read", async () => {
+		const { userClient } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Client,
+			port: wabe.config.port,
+		})
+		const { userClient: userClient2 } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Admin,
+			port: wabe.config.port,
+		})
+		await userClient.request<any>(gql`
+      mutation createTest {
+          createTest(input: {fields: {name: "test"}}) {
+              test {
+                  name
+              }
+          }
+      }
+      `)
+		expect(
+			userClient.request<any>(gql`
+     query tests {
+         tests {
+             edges {
+                 node {
+                     name
+                 }
+             }
+         }
+     }
+     `),
+		).resolves.toEqual(expect.anything())
+		expect(
+			userClient2.request<any>(gql`
+     query tests {
+         tests {
+             edges {
+                 node {
+                     name
+                 }
+             }
+         }
+     }
+     `),
+		).rejects.toThrowError('You are not authorized to read this field')
+	})
+	it("should throw an error if the user doesn't have the right role on update", async () => {
+		const { userClient } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Client,
+			port: wabe.config.port,
+		})
+		const { userClient: userClient2 } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Admin,
+			port: wabe.config.port,
+		})
+		const res = await userClient.request<any>(gql`
+      mutation createTest {
+          createTest(input: {fields: {name: "test"}}) {
+              test {
+                  id
+                  name
+              }
+          }
+      }
+      `)
+		await userClient.request<any>(gql`
+     mutation updateTest {
+         updateTest(input: {id: "${res.createTest.test.id}", fields: {name: "test2"}}) {
+             test {
+                 id
+             }
+         }
+     }
+     `)
+		expect(
+			userClient2.request<any>(gql`
+          mutation updateTest {
+              updateTest(input: {id: "${res.createTest.test.id}", fields: {name: "test2"}}) {
+                  test {
+                      name
+                  }
+              }
+          }
+     `),
+		).rejects.toThrowError('You are not authorized to update this field')
+	})
+	it('should throw an error no one have the right role on read', async () => {
+		const { userClient } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Client,
+			port: wabe.config.port,
+		})
+		const { userClient: userClient2 } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Admin,
+			port: wabe.config.port,
+		})
+		await userClient.request<any>(gql`
+      mutation createTest {
+          createTest(input: {fields: {noOne: "test"}}) {
+              test {
+                  id
+                  name
+              }
+          }
+      }
+      `)
+		expect(
+			rootClient.request<any>(gql`
+          query tests {
+              tests {
+                  edges {
+                      node {
+                          noOne
+                      }
+                  }
+              }
+          }
+     `),
+		).rejects.toThrowError('You are not authorized to read this field')
+		expect(
+			userClient.request<any>(gql`
+          query tests {
+              tests {
+                  edges {
+                      node {
+                          noOne
+                      }
+                  }
+              }
+          }
+     `),
+		).rejects.toThrowError('You are not authorized to read this field')
+		expect(
+			userClient2.request<any>(gql`
+          query tests {
+              tests {
+                  edges {
+                      node {
+                          noOne
+                      }
+                  }
+              }
+          }
+     `),
+		).rejects.toThrowError('You are not authorized to read this field')
+	})
+	it('should throw an error no one have the right role on update', async () => {
+		const { userClient } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Client,
+			port: wabe.config.port,
+		})
+		const { userClient: userClient2 } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Admin,
+			port: wabe.config.port,
+		})
+		const res = await userClient.request<any>(gql`
+      mutation createTest {
+          createTest(input: {fields: {noOne: "test"}}) {
+              test {
+                  id
+                  name
+              }
+          }
+      }
+      `)
+		expect(
+			rootClient.request<any>(gql`
+     mutation updateTest {
+         updateTest(input: {id: "${res.createTest.test.id}", fields: {noOne: "test2"}}) {
+             test {
+                 id
+             }
+         }
+     }
+     `),
+		).rejects.toThrowError('You are not authorized to update this field')
+		expect(
+			userClient.request<any>(gql`
+     mutation updateTest {
+         updateTest(input: {id: "${res.createTest.test.id}", fields: {noOne: "test2"}}) {
+             test {
+                 id
+             }
+         }
+     }
+     `),
+		).rejects.toThrowError('You are not authorized to update this field')
+		expect(
+			userClient2.request<any>(gql`
+          mutation updateTest {
+              updateTest(input: {id: "${res.createTest.test.id}", fields: {name: "test2"}}) {
+                  test {
+                      name
+                  }
+              }
+          }
+     `),
+		).rejects.toThrowError('You are not authorized to update this field')
+	})
+	it('should allow only root to read a field protected by rootOnly', async () => {
+		const { userClient } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Client,
+			port: wabe.config.port,
+		})
+		const { userClient: userClient2 } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Admin,
+			port: wabe.config.port,
+		})
+		await rootClient.request<any>(gql`
+      mutation createTest {
+          createTest(input: {fields: {name: "test"}}) {
+              test {
+                  id
+              }
+          }
+      }
+    `)
+		expect(
+			rootClient.request<any>(gql`
+        query tests {
+            tests {
+                edges {
+                    node {
+                        rootOnly
+                    }
+                }
+            }
+        }
+      `),
+		).resolves.toEqual(expect.anything())
+		expect(
+			userClient.request<any>(gql`
+        query tests {
+            tests {
+                edges {
+                    node {
+                        rootOnly
+                    }
+                }
+            }
+        }
+      `),
+		).rejects.toThrow('You are not authorized to read this field')
+		expect(
+			userClient2.request<any>(gql`
+        query tests {
+            tests {
+                edges {
+                    node {
+                        rootOnly
+                    }
+                }
+            }
+        }
+      `),
+		).rejects.toThrowError('You are not authorized to read this field')
+	})
+	it('should allow only root to update a field protected by rootOnly', async () => {
+		const { userClient } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Client,
+			port: wabe.config.port,
+		})
+		const { userClient: userClient2 } = await createUserAndUpdateRole({
+			anonymousClient,
+			rootClient,
+			roleName: RoleEnum.Admin,
+			port: wabe.config.port,
+		})
+		const res = await rootClient.request<any>(gql`
+      mutation createTest {
+          createTest(input: {fields: {name: "test"}}) {
+              test {
+                  id
+              }
+          }
+      }
+    `)
+		// Root client should be able to update
+		expect(
+			rootClient.request<any>(gql`
+        mutation updateTest {
+            updateTest(input: {id: "${res.createTest.test.id}", fields: {rootOnly: "updatedTest"}}) {
+                test {
+                    rootOnly
+                }
+            }
+        }
+      `),
+		).resolves.toEqual(expect.anything())
+		// User clients should not be able to update
+		expect(
+			userClient.request<any>(gql`
+        mutation updateTest {
+            updateTest(input: {id: "${res.createTest.test.id}", fields: {rootOnly: "updatedTest"}}) {
+                test {
+                    rootOnly
+                }
+            }
+        }
+      `),
+		).rejects.toThrowError('You are not authorized to update this field')
+		expect(
+			userClient2.request<any>(gql`
+        mutation updateTest {
+            updateTest(input: {id: "${res.createTest.test.id}", fields: {rootOnly: "updatedTest"}}) {
+                test {
+                    rootOnly
+                }
+            }
+        }
+      `),
+		).rejects.toThrowError('You are not authorized to update this field')
+	})
+})

package/src/hooks/protected.ts ADDED Viewed

@@ -0,0 +1,72 @@
+import { OperationType } from '.'
+import type { DevWabeTypes } from '../utils/helper'
+import type { HookObject } from './HookObject'
+const _checkProtected = (
+	hookObject: HookObject<DevWabeTypes, any>,
+	operationType: OperationType,
+) => {
+	const schemaClass = hookObject.context.wabe.config.schema?.classes?.find(
+		(currentClass) => currentClass.name === hookObject.className,
+	)
+	if (!schemaClass) return
+	const userRole = hookObject.getUser()?.role?.name || ''
+	const isRoot = hookObject.context.isRoot
+	if (operationType === OperationType.BeforeRead) {
+		Object.keys(hookObject.select).forEach((fieldName) => {
+			const protectedForCurrentField = schemaClass.fields[fieldName]?.protected
+			if (!protectedForCurrentField) return
+			if (protectedForCurrentField?.protectedOperations.includes('read')) {
+				if (
+					isRoot &&
+					protectedForCurrentField.authorizedRoles.includes('rootOnly')
+				)
+					return
+				// @ts-expect-error
+				if (!protectedForCurrentField.authorizedRoles.includes(userRole))
+					throw new Error('You are not authorized to read this field')
+			}
+		})
+		return
+	}
+	const fieldsUpdated = hookObject.getNewData()
+	const operation =
+		operationType === OperationType.BeforeUpdate ? 'update' : 'create'
+	Object.keys(fieldsUpdated).forEach((fieldName) => {
+		const protectedForCurrentField = schemaClass.fields[fieldName]?.protected
+		if (protectedForCurrentField?.protectedOperations.includes(operation)) {
+			if (
+				isRoot &&
+				protectedForCurrentField.authorizedRoles.includes('rootOnly')
+			)
+				return
+			// @ts-expect-error
+			if (!protectedForCurrentField.authorizedRoles.includes(userRole))
+				throw new Error(`You are not authorized to ${operation} this field`)
+		}
+	})
+}
+export const defaultCheckProtectedOnBeforeRead = (
+	object: HookObject<DevWabeTypes, any>,
+) => _checkProtected(object, OperationType.BeforeRead)
+export const defaultCheckProtectedOnBeforeUpdate = (
+	object: HookObject<DevWabeTypes, any>,
+) => _checkProtected(object, OperationType.BeforeUpdate)
+export const defaultCheckProtectedOnBeforeCreate = (
+	object: HookObject<DevWabeTypes, any>,
+) => _checkProtected(object, OperationType.BeforeCreate)