wabe 0.6.9 → 0.6.11

package/src/hooks/HookObject.ts

@@ -0,0 +1,165 @@
+import type { OperationType } from '.'
+import type { RoleEnum, ACLObject } from '../../generated/wabe'
+import type { MutationData, OutputType, Select } from '../database'
+import type { WabeTypes } from '../server'
+import type { WabeContext } from '../server/interface'
+import { contextWithRoot } from '../utils/export'
+
+type AddACLOpptions = {
+	userId?: string
+	role?: RoleEnum
+	read: boolean
+	write: boolean
+} | null
+
+export class HookObject<T extends WabeTypes, K extends keyof WabeTypes['types']> {
+	public className: K
+	private newData: MutationData<T, K, keyof T['types'][K]> | undefined
+	public operationType: OperationType
+	public context: WabeContext<T>
+	public object: OutputType<T, K, keyof T['types'][K]>
+	// Object before any mutation, for example before delete
+	public originalObject: OutputType<T, K, keyof T['types'][K]> | undefined
+	public select: Select
+
+	constructor({
+		newData,
+		className,
+		operationType,
+		context,
+		object,
+		originalObject,
+		select,
+	}: {
+		className: K
+		newData?: MutationData<T, K, keyof T['types'][K]>
+		operationType: OperationType
+		context: WabeContext<T>
+		object: OutputType<T, K, keyof T['types'][K]>
+		originalObject?: OutputType<T, K, keyof T['types'][K]>
+		select: Select
+	}) {
+		this.newData = newData
+		this.className = className
+		this.operationType = operationType
+		this.context = context
+		this.object = object
+		this.originalObject = originalObject
+		this.select = select || {}
+	}
+
+	getUser() {
+		return this.context.user
+	}
+
+	isFieldUpdated(field: keyof T['types'][K]) {
+		return !!(this.newData && !!this.newData[field])
+	}
+
+	upsertNewData(field: keyof T['types'][K], value: any) {
+		if (!this.newData) return
+
+		if (!['beforeCreate', 'beforeUpdate'].includes(this.operationType))
+			throw new Error('Cannot set data in a hook that is not a before hook')
+
+		this.newData[field] = value
+	}
+
+	getNewData(): MutationData<T, K, keyof T['types'][K]> {
+		return this.newData || ({} as any)
+	}
+
+	fetch(): Promise<OutputType<T, K, keyof T['types'][K]>> {
+		const databaseController = this.context.wabe.controllers.database
+
+		if (!this.object?.id) return Promise.resolve(null)
+
+		return databaseController.getObject({
+			className: this.className,
+			id: this.object.id,
+			context: contextWithRoot(this.context),
+		})
+	}
+
+	async addACL(type: 'users' | 'roles', options: AddACLOpptions) {
+		const updateACL = async (newACLObject: any) => {
+			if (this.className === 'User') {
+				const currentUserId = this.object?.id
+
+				if (currentUserId)
+					await this.context.wabe.controllers.database.updateObject({
+						className: this.className,
+						context: contextWithRoot(this.context),
+						id: currentUserId,
+						data: {
+							// @ts-expect-error
+							acl: newACLObject,
+						},
+						select: {},
+					})
+
+				return
+			}
+
+			// @ts-expect-error
+			this.upsertNewData('acl', newACLObject)
+		}
+
+		const result =
+			this.className === 'User'
+				? await this.context.wabe.controllers.database.getObject({
+						className: 'User',
+						// @ts-expect-error
+						select: { acl: true },
+						// @ts-expect-error
+						id: this.object?.id,
+						context: contextWithRoot(this.context),
+					})
+				: // @ts-expect-error
+					{ acl: this.getNewData().acl }
+
+		const currentACL: ACLObject = result?.acl || {}
+
+		if (options === null) {
+			await updateACL({
+				...currentACL,
+				[type]: [],
+			})
+			return
+		}
+
+		const { userId, role, read, write } = options
+
+		if (userId && role) throw new Error('Cannot specify both userId and role')
+
+		if (role) {
+			const result = await this.context.wabe.controllers.database.getObjects({
+				className: 'Role',
+				// @ts-expect-error
+				select: { id: true },
+				// @ts-expect-error
+				where: {
+					name: {
+						equalTo: role,
+					},
+				},
+				context: contextWithRoot(this.context),
+			})
+
+			const roleId = result[0]?.id
+
+			await updateACL({
+				...currentACL,
+				[type]: [...(currentACL?.[type] || []), { roleId, read, write }],
+			})
+
+			return
+		}
+
+		// User ACL
+		await updateACL({
+			...currentACL,
+			[type]: [...(currentACL?.[type] || []), { userId, read, write }],
+		})
+	}
+}

package/src/hooks/authentication.ts

@@ -0,0 +1,67 @@
+import type { ProviderInterface } from '../authentication'
+import { getAuthenticationMethod } from '../authentication/utils'
+import type { DevWabeTypes } from '../utils/helper'
+import type { HookObject } from './HookObject'
+
+export const defaultCallAuthenticationProviderOnBeforeCreateUser = async (
+	hookObject: HookObject<any, any>,
+) => {
+	if (!hookObject.isFieldUpdated('authentication') || hookObject.getNewData().isOauth) return
+
+	const context = hookObject.context
+
+	const authentication = hookObject.getNewData().authentication
+
+	// Exception for SRP
+	if (authentication.emailPasswordSRP) return
+
+	const { provider, name } = getAuthenticationMethod<DevWabeTypes, ProviderInterface<DevWabeTypes>>(
+		Object.keys(authentication),
+		context,
+	)
+
+	const inputOfTheGoodAuthenticationMethod = authentication[name]
+
+	const { authenticationDataToSave } = await provider.onSignUp({
+		input: inputOfTheGoodAuthenticationMethod,
+		context,
+	})
+
+	hookObject.upsertNewData('authentication', {
+		[name]: authenticationDataToSave,
+	})
+}
+
+export const defaultCallAuthenticationProviderOnBeforeUpdateUser = async (
+	hookObject: HookObject<any, any>,
+) => {
+	if (!hookObject.isFieldUpdated('authentication') || hookObject.getNewData().isOauth) return
+
+	const context = hookObject.context
+
+	const authentication = hookObject.getNewData().authentication
+
+	// Exception for SRP
+	if (authentication.emailPasswordSRP) return
+
+	const { provider, name } = getAuthenticationMethod<DevWabeTypes, ProviderInterface<DevWabeTypes>>(
+		Object.keys(authentication),
+		context,
+	)
+
+	if (!provider.onUpdateAuthenticationData) return
+
+	const inputOfTheGoodAuthenticationMethod = authentication[name]
+
+	if (!hookObject.object?.id) return
+
+	const { authenticationDataToSave } = await provider.onUpdateAuthenticationData({
+		context,
+		input: inputOfTheGoodAuthenticationMethod,
+		userId: hookObject.object.id,
+	})
+
+	hookObject.upsertNewData('authentication', {
+		[name]: authenticationDataToSave,
+	})
+}

package/src/hooks/createUser.test.ts

@@ -0,0 +1,77 @@
+import { describe, beforeAll, afterAll, afterEach, it, expect } from 'bun:test'
+import type { Wabe } from 'src'
+import type { DevWabeTypes } from 'src/utils/helper'
+import { setupTests, closeTests } from 'src/utils/testHelper'
+
+describe('createUser hook', () => {
+	let wabe: Wabe<DevWabeTypes>
+
+	beforeAll(async () => {
+		const setup = await setupTests()
+		wabe = setup.wabe
+	})
+
+	afterAll(async () => {
+		await closeTests(wabe)
+	})
+
+	afterEach(async () => {
+		await wabe.controllers.database.clearDatabase()
+	})
+
+	it('should throw an error if disableSignUp is true and user is anonymous', () => {
+		if (wabe.config) {
+			wabe.config.authentication = {
+				disableSignUp: true,
+			}
+		}
+
+		expect(
+			wabe.controllers.database.createObject({
+				className: 'User',
+				context: {
+					wabe,
+					isRoot: false,
+				},
+				data: {
+					email: 'email@test.fr',
+				},
+				select: {},
+			}),
+		).rejects.toThrow('Sign up is disabled')
+
+		if (wabe.config) {
+			wabe.config.authentication = {
+				disableSignUp: false,
+			}
+		}
+	})
+
+	it('should not throw an error if disableSignUp is true and user is root', async () => {
+		if (wabe.config) {
+			wabe.config.authentication = {
+				disableSignUp: true,
+			}
+		}
+
+		const res = await wabe.controllers.database.createObject({
+			className: 'User',
+			context: {
+				wabe,
+				isRoot: true,
+			},
+			data: {
+				email: 'email@test.fr',
+			},
+			select: { id: true },
+		})
+
+		expect(res?.id).toBeDefined()
+
+		if (wabe.config) {
+			wabe.config.authentication = {
+				disableSignUp: false,
+			}
+		}
+	})
+})

package/src/hooks/createUser.ts

@@ -0,0 +1,10 @@
+import type { HookObject } from './HookObject'
+
+export const defaultBeforeCreateUser = (object: HookObject<any, any>) => {
+	const context = object.context
+
+	if (context.isRoot) return
+
+	if (context.wabe.config.authentication?.disableSignUp && !context.user)
+		throw new Error('Sign up is disabled')
+}

package/src/hooks/defaultFields.test.ts

@@ -0,0 +1,176 @@
+import { describe, expect, it, spyOn } from 'bun:test'
+import {
+	defaultBeforeCreateForCreatedAt,
+	defaultBeforeCreateForDefaultValue,
+	defaultBeforeUpdateForUpdatedAt,
+} from './defaultFields'
+import { HookObject } from './HookObject'
+import { OperationType } from '.'
+import type { DevWabeTypes } from '../utils/helper'
+
+describe('Default fields', () => {
+	const now = new Date()
+
+	describe('CreatedAt and UpdatedAt', () => {
+		it('should add createdAt and updatedAt value on insert operation type', () => {
+			const hookObject = new HookObject<DevWabeTypes, 'User'>({
+				className: 'User',
+				operationType: OperationType.BeforeCreate,
+				newData: {
+					email: 'email@test.fr',
+				} as any,
+				context: {} as any,
+				object: {} as any,
+				select: {},
+			})
+
+			const spyHookObjectUpsertNewData = spyOn(hookObject, 'upsertNewData')
+
+			defaultBeforeCreateForCreatedAt(hookObject)
+
+			expect(spyHookObjectUpsertNewData).toHaveBeenCalledTimes(2)
+			expect(spyHookObjectUpsertNewData).toHaveBeenNthCalledWith(1, 'createdAt', expect.any(Date))
+			expect(spyHookObjectUpsertNewData).toHaveBeenNthCalledWith(2, 'updatedAt', expect.any(Date))
+
+			const createdAt = spyHookObjectUpsertNewData.mock.calls[0]?.[1]
+
+			expect(createdAt.getDay()).toEqual(now.getDay())
+			expect(createdAt.getMonth()).toEqual(now.getMonth())
+			expect(createdAt.getFullYear()).toEqual(now.getFullYear())
+
+			const updatedAt = spyHookObjectUpsertNewData.mock.calls[1]?.[1]
+			expect(updatedAt.getDay()).toEqual(now.getDay())
+			expect(updatedAt.getMonth()).toEqual(now.getMonth())
+			expect(updatedAt.getFullYear()).toEqual(now.getFullYear())
+		})
+
+		it('should add updatedAt value on update operation type', () => {
+			const hookObject = new HookObject<DevWabeTypes, 'User'>({
+				className: 'User',
+				operationType: OperationType.BeforeUpdate,
+				newData: {
+					email: 'email@test.fr',
+				} as any,
+				context: {} as any,
+				object: {} as any,
+				select: {},
+			})
+
+			const spyHookObjectUpsertNewData = spyOn(hookObject, 'upsertNewData')
+
+			defaultBeforeUpdateForUpdatedAt(hookObject)
+			expect(spyHookObjectUpsertNewData).toHaveBeenCalledTimes(1)
+			expect(spyHookObjectUpsertNewData).toHaveBeenCalledWith('updatedAt', expect.any(Date))
+
+			const updatedAt = spyHookObjectUpsertNewData.mock.calls[0]?.[1]
+
+			// Don't test hours to avoid flaky
+			expect(updatedAt.getDay()).toEqual(now.getDay())
+			expect(updatedAt.getMonth()).toEqual(now.getMonth())
+			expect(updatedAt.getFullYear()).toEqual(now.getFullYear())
+		})
+
+		it('should not overwrite if the createdAt field is already set', () => {
+			const hookObject = new HookObject<DevWabeTypes, 'User'>({
+				className: 'User',
+				operationType: OperationType.BeforeCreate,
+				newData: {
+					email: 'email@test.fr',
+					createdAt: now,
+				} as any,
+				context: {} as any,
+				object: {} as any,
+				select: {},
+			})
+
+			const spyHookObjectUpsertNewData = spyOn(hookObject, 'upsertNewData')
+
+			defaultBeforeCreateForCreatedAt(hookObject)
+
+			expect(spyHookObjectUpsertNewData).toHaveBeenCalledTimes(1)
+		})
+
+		it('should not overwrite if the updatedAt field is already set', () => {
+			const hookObject = new HookObject<DevWabeTypes, 'User'>({
+				className: 'User',
+				operationType: OperationType.BeforeCreate,
+				newData: {
+					email: 'email@test.fr',
+					updatedAt: now,
+				} as any,
+				context: {} as any,
+				object: {} as any,
+				select: {},
+			})
+
+			const spyHookObjectUpsertNewData = spyOn(hookObject, 'upsertNewData')
+
+			defaultBeforeCreateForCreatedAt(hookObject)
+
+			expect(spyHookObjectUpsertNewData).toHaveBeenCalledTimes(1)
+		})
+	})
+
+	describe('Default value', () => {
+		const config = {
+			schema: {
+				classes: [
+					{
+						name: 'User',
+						fields: {
+							name: { type: 'String' },
+							age: { type: 'Int' },
+							isAdmin: {
+								type: 'Boolean',
+								defaultValue: false,
+							},
+						},
+					},
+				],
+			},
+		} as any
+
+		const context = { wabe: { config } } as any
+
+		it('should add the value if a default value is defined in schema but not specified', async () => {
+			const hookObject = new HookObject<DevWabeTypes, 'User'>({
+				className: 'User',
+				operationType: OperationType.BeforeCreate,
+				newData: {
+					id: 'id',
+					email: 'email@test.fr',
+				} as any,
+				context,
+				object: {} as any,
+				select: {},
+			})
+
+			const spyHookObjectUpsertNewData = spyOn(hookObject, 'upsertNewData')
+
+			await defaultBeforeCreateForDefaultValue(hookObject)
+
+			expect(spyHookObjectUpsertNewData).toHaveBeenCalledTimes(1)
+		})
+
+		it('should not add a default value if a value is specified', async () => {
+			const hookObject = new HookObject<DevWabeTypes, 'User'>({
+				className: 'User',
+				operationType: OperationType.BeforeCreate,
+				newData: {
+					id: 'id',
+					email: 'email@test.fr',
+					isAdmin: true,
+				} as any,
+				context,
+				object: {} as any,
+				select: {},
+			})
+
+			const spyHookObjectUpsertNewData = spyOn(hookObject, 'upsertNewData')
+
+			await defaultBeforeCreateForDefaultValue(hookObject)
+
+			expect(spyHookObjectUpsertNewData).toHaveBeenCalledTimes(0)
+		})
+	})
+})

package/src/hooks/defaultFields.ts

@@ -0,0 +1,32 @@
+import { getClassFromClassName } from '../utils'
+import type { DevWabeTypes } from '../utils/helper'
+import type { HookObject } from './HookObject'
+
+export const defaultBeforeCreateForCreatedAt = (object: HookObject<any, any>) => {
+	if (!object.isFieldUpdated('createdAt')) object.upsertNewData('createdAt', new Date())
+
+	if (!object.isFieldUpdated('updatedAt')) object.upsertNewData('updatedAt', new Date())
+}
+
+export const defaultBeforeUpdateForUpdatedAt = (object: HookObject<any, any>) => {
+	object.upsertNewData('updatedAt', new Date())
+}
+
+export const defaultBeforeCreateForDefaultValue = (object: HookObject<any, any>) => {
+	const schemaClass = getClassFromClassName<DevWabeTypes>(
+		object.className,
+		object.context.wabe.config,
+	)
+	const allFields = Object.keys(schemaClass.fields)
+	allFields.forEach((field) => {
+		const currentSchemaField = schemaClass.fields[field]
+		if (
+			!object.isFieldUpdated(field) &&
+			currentSchemaField?.type !== 'Pointer' &&
+			currentSchemaField?.type !== 'Relation' &&
+			currentSchemaField?.type !== 'File' &&
+			currentSchemaField?.defaultValue !== undefined
+		)
+			object.upsertNewData(field, currentSchemaField.defaultValue)
+	})
+}

package/src/hooks/deleteSession.test.ts

@@ -0,0 +1,181 @@
+import { describe, beforeAll, afterAll, expect, it, beforeEach } from 'bun:test'
+import type { Wabe } from '../server'
+import { type DevWabeTypes, getGraphqlClient } from '../utils/helper'
+import { setupTests, closeTests } from '../utils/testHelper'
+import { gql, type GraphQLClient } from 'graphql-request'
+
+describe('Delete session on delete user', () => {
+	let wabe: Wabe<DevWabeTypes>
+	let port: number
+	let client: GraphQLClient
+
+	beforeAll(async () => {
+		const setup = await setupTests()
+		wabe = setup.wabe
+		port = setup.port
+		client = getGraphqlClient(port)
+	})
+
+	afterAll(async () => {
+		await closeTests(wabe)
+	})
+
+	beforeEach(async () => {
+		await wabe.controllers.database.clearDatabase()
+	})
+
+	it('should delete the session when the user is deleted', async () => {
+		const {
+			signUpWith: { id: userId },
+		} = await client.request<any>(graphql.signUpWith, {
+			input: {
+				authentication: {
+					emailPassword: {
+						email: 'email@test.fr',
+						password: 'password',
+					},
+				},
+			},
+		})
+
+		const { _sessions: sessions1 } = await client.request<any>(graphql.sessions)
+
+		expect(sessions1.edges.length).toEqual(1)
+
+		await client.request<any>(graphql.deleteUser, {
+			input: {
+				id: userId,
+			},
+		})
+
+		const { _sessions: sessions2 } = await client.request<any>(graphql.sessions)
+
+		expect(sessions2.edges.length).toEqual(0)
+	})
+
+	it('should only delete the sessions of the deleted user', async () => {
+		const {
+			signUpWith: { id: userId },
+		} = await client.request<any>(graphql.signUpWith, {
+			input: {
+				authentication: {
+					emailPassword: {
+						email: 'email@test.fr',
+						password: 'password',
+					},
+				},
+			},
+		})
+
+		await client.request<any>(graphql.signUpWith, {
+			input: {
+				authentication: {
+					emailPassword: {
+						email: 'anotherEmail@test.fr',
+						password: 'password',
+					},
+				},
+			},
+		})
+
+		const { _sessions: sessions1 } = await client.request<any>(graphql.sessions)
+
+		expect(sessions1.edges.length).toEqual(2)
+
+		await client.request<any>(graphql.deleteUser, {
+			input: {
+				id: userId,
+			},
+		})
+
+		const { _sessions: sessions2 } = await client.request<any>(graphql.sessions)
+
+		expect(sessions2.edges.length).toEqual(1)
+	})
+
+	it("should not delete any session if the user doesn't have any session", async () => {
+		const {
+			signUpWith: { id: userId },
+		} = await client.request<any>(graphql.signUpWith, {
+			input: {
+				authentication: {
+					emailPassword: {
+						email: 'email@test.fr',
+						password: 'password',
+					},
+				},
+			},
+		})
+
+		await client.request<any>(graphql.signUpWith, {
+			input: {
+				authentication: {
+					emailPassword: {
+						email: 'anotherEmail@test.fr',
+						password: 'password',
+					},
+				},
+			},
+		})
+
+		await wabe.controllers.database.deleteObjects({
+			className: '_Session',
+			context: {
+				wabe,
+				isRoot: true,
+			},
+			select: {},
+			where: {
+				user: {
+					id: {
+						equalTo: userId,
+					},
+				},
+			},
+		})
+
+		// Delete the user
+		await client.request<any>(graphql.deleteUser, {
+			input: {
+				id: userId,
+			},
+		})
+
+		const { _sessions: sessions2 } = await client.request<any>(graphql.sessions)
+
+		expect(sessions2.edges.length).toEqual(1)
+	})
+})
+
+const graphql = {
+	sessions: gql`
+		query _sessions {
+			_sessions {
+				edges {
+					node {
+						id
+					}
+				}
+			}
+		}
+	`,
+	signUpWith: gql`
+		mutation signUpWith($input: SignUpWithInput!) {
+			signUpWith(input: $input) {
+				id
+				accessToken
+				refreshToken
+			}
+		}
+	`,
+	deleteUser: gql`
+		mutation deleteUser($input: DeleteUserInput!) {
+			deleteUser(input: $input) {
+				user {
+					name
+					age
+				}
+			}
+		}
+	`,
+}