zenstack 0.1.42 → 1.0.0

package/.vscode/extensions.json

@@ -0,0 +1,7 @@
+{
+    // See https://go.microsoft.com/fwlink/?LinkId=827846 to learn about workspace recommendations.
+    // Extension identifier format: ${publisher}.${name}. Example: vscode.csharp
+
+    // List of extensions which should be recommended for users of this workspace.
+    "recommendations": ["langium.langium-vscode"]
+}

package/.vscode/launch.json

@@ -0,0 +1,49 @@
+// A launch configuration that launches the extension inside a new window
+// Use IntelliSense to learn about possible attributes.
+// Hover to view descriptions of existing attributes.
+// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Generate for Todo Sample",
+            "program": "${workspaceFolder}/packages/schema/bin/cli",
+            "cwd": "${workspaceFolder}/samples/todo/",
+            "args": ["generate", "${workspaceFolder}/test.zmodel"],
+            "request": "launch",
+            "skipFiles": ["<node_internals>/**"],
+            "type": "node"
+        },
+        {
+            "name": "Attach",
+            "port": 9229,
+            "request": "attach",
+            "skipFiles": ["<node_internals>/**"],
+            "type": "node"
+        },
+        {
+            "name": "Sample-todo: debug server-side",
+            "type": "node-terminal",
+            "request": "launch",
+            "command": "npm run dev",
+            "cwd": "${workspaceFolder}/samples/todo"
+        },
+        {
+            "name": "Run Extension",
+            "type": "extensionHost",
+            "request": "launch",
+            "args": [
+                "--extensionDevelopmentPath=${workspaceFolder}/packages/schema"
+            ]
+        },
+        {
+            "name": "Attach to Language Server",
+            "type": "node",
+            "port": 6009,
+            "request": "attach",
+            "skipFiles": ["<node_internals>/**"],
+            "sourceMaps": true,
+            "outFiles": ["${workspaceFolder}/out/**/*.js"]
+        }
+    ]
+}

package/.vscode/settings.json

@@ -0,0 +1,4 @@
+{
+    "npm.packageManager": "pnpm",
+    "eslint.packageManager": "pnpm"
+}

package/README.md

@@ -0,0 +1 @@
+<h1>ZenStack</h1>

package/package.json

@@ -1,95 +1,13 @@
 {
   "name": "zenstack",
-  "displayName": "ZenStack CLI and Language Tools",
-  "description": "ZenStack CLI and Language Tools",
-  "version": "0.1.42",
-  "engines": {
-    "vscode": "^1.56.0"
-  },
-  "categories": [
-    "Programming Languages"
-  ],
-  "contributes": {
-    "languages": [
-      {
-        "id": "zmodel",
-        "aliases": [
-          "ZenStack Model",
-          "zmodel"
-        ],
-        "extensions": [
-          ".zmodel"
-        ],
-        "configuration": "./language-configuration.json",
-        "icon": {
-          "light": "./asset/logo-light.png",
-          "dark": "./asset/logo-dark.png"
-        }
-      }
-    ],
-    "grammars": [
-      {
-        "language": "zmodel",
-        "scopeName": "source.zmodel",
-        "path": "./syntaxes/zmodel.tmLanguage.json"
-      }
-    ]
-  },
-  "activationEvents": [
-    "onLanguage:zmodel"
-  ],
-  "files": [
-    "bin",
-    "out"
-  ],
-  "bin": {
-    "zenstack": "./bin/cli"
-  },
-  "main": "./out/extension.js",
-  "dependencies": {
-    "@zenstackhq/internal": "0.1.21",
-    "change-case": "^4.1.2",
-    "chevrotain": "^9.1.0",
-    "colors": "^1.4.0",
-    "commander": "^8.0.0",
-    "langium": "^0.4.0",
-    "prisma": "^4.4.0",
-    "promisify": "^0.0.3",
-    "ts-morph": "^16.0.0",
-    "vscode-jsonrpc": "^8.0.2",
-    "vscode-languageclient": "^7.0.0",
-    "vscode-languageserver": "^7.0.0",
-    "vscode-uri": "^3.0.2"
-  },
-  "devDependencies": {
-    "@prisma/internals": "^4.4.0",
-    "@types/jest": "^29.0.3",
-    "@types/node": "^14.18.29",
-    "@types/tmp": "^0.2.3",
-    "@types/uuid": "^8.3.4",
-    "@types/vscode": "^1.56.0",
-    "@typescript-eslint/eslint-plugin": "^4.14.1",
-    "@typescript-eslint/parser": "^4.14.1",
-    "concurrently": "^7.4.0",
-    "eslint": "^7.19.0",
-    "jest": "^29.0.3",
-    "langium-cli": "^0.4.0",
-    "tmp": "^0.2.1",
-    "ts-jest": "^29.0.1",
-    "ts-node": "^10.9.1",
-    "tsc-alias": "^1.7.0",
-    "tsconfig-paths-jest": "^0.0.1",
-    "typescript": "^4.6.2"
-  },
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
   "scripts": {
-    "vscode:prepublish": "npm run build && npm run lint",
-    "build": "tsc && tsc-alias && cp src/language-server/stdlib.zmodel ./out/language-server/ && cp src/generator/*.template.json ./out/generator/",
-    "ts:watch": "tsc --watch",
-    "tsc-alias:watch": "tsc-alias --watch",
-    "lint": "eslint src --ext ts",
-    "langium:generate": "langium generate",
-    "langium:watch": "langium generate --watch",
-    "watch": "concurrently --kill-others \"npm:langium:watch\" \"npm:ts:watch\" \"npm:tsc-alias:watch\"",
-    "test": "jest"
+    "build": "pnpm -r build",
+    "test": "pnpm -r test"
   }
 }

package/packages/internal/jest.config.ts

@@ -0,0 +1,32 @@
+/*
+ * For a detailed explanation regarding each configuration property and type check, visit:
+ * https://jestjs.io/docs/configuration
+ */
+
+import tsconfig from './tsconfig.json';
+const moduleNameMapper = require('tsconfig-paths-jest')(tsconfig);
+
+export default {
+    // Automatically clear mock calls, instances, contexts and results before every test
+    clearMocks: true,
+
+    // Indicates whether the coverage information should be collected while executing the test
+    collectCoverage: true,
+
+    // The directory where Jest should output its coverage files
+    coverageDirectory: 'tests/coverage',
+
+    // An array of regexp pattern strings used to skip coverage collection
+    coveragePathIgnorePatterns: ['/node_modules/', '/tests/'],
+
+    // Indicates which provider should be used to instrument code for coverage
+    coverageProvider: 'v8',
+
+    // A list of reporter names that Jest uses when writing coverage reports
+    coverageReporters: ['json', 'text', 'lcov', 'clover'],
+
+    // A map from regular expressions to paths to transformers
+    transform: { '^.+\\.tsx?$': 'ts-jest' },
+
+    moduleNameMapper,
+};

package/packages/internal/package.json

@@ -0,0 +1,42 @@
+{
+    "name": "@zenstackhq/internal",
+    "version": "0.1.21",
+    "description": "ZenStack internal runtime library",
+    "main": "lib/index.js",
+    "types": "lib/index.d.ts",
+    "scripts": {
+        "build": "tsc",
+        "watch": "tsc --watch",
+        "test": "jest",
+        "prepublishOnly": "pnpm build"
+    },
+    "keywords": [],
+    "author": "",
+    "license": "ISC",
+    "files": [
+        "lib/**/*"
+    ],
+    "dependencies": {
+        "bcryptjs": "^2.4.3",
+        "deepcopy": "^2.1.0",
+        "swr": "^1.3.0",
+        "uuid": "^9.0.0"
+    },
+    "peerDependencies": {
+        "next": "12.3.1",
+        "react": "^17.0.2 || ^18",
+        "react-dom": "^17.0.2 || ^18"
+    },
+    "devDependencies": {
+        "@types/bcryptjs": "^2.4.2",
+        "@types/jest": "^29.0.3",
+        "@types/node": "^14.18.29",
+        "@types/uuid": "^8.3.4",
+        "jest": "^29.0.3",
+        "ts-jest": "^29.0.1",
+        "ts-node": "^10.9.1",
+        "tsc-alias": "^1.7.0",
+        "tsconfig-paths-jest": "^0.0.1",
+        "typescript": "^4.6.2"
+    }
+}

package/packages/internal/src/constants.ts

@@ -0,0 +1 @@
+export const TRANSACTION_FIELD_NAME = 'zenstack_transaction';

package/packages/internal/src/handler/data/guard-utils.ts

@@ -0,0 +1,7 @@
+export function and(condition1: any, condition2: any) {
+    if (condition1 && condition2) {
+        return { AND: [condition1, condition2] };
+    } else {
+        return condition1 ?? condition2;
+    }
+}

package/packages/internal/src/handler/data/handler.ts

@@ -0,0 +1,415 @@
+import { NextApiRequest, NextApiResponse } from 'next';
+import { RequestHandlerOptions } from '../../request-handler';
+import {
+    PolicyOperationKind,
+    QueryContext,
+    ServerErrorCode,
+    Service,
+} from '../../types';
+import { RequestHandler, RequestHandlerError } from '../types';
+import { QueryProcessor } from './query-processor';
+import { v4 as uuid } from 'uuid';
+import { TRANSACTION_FIELD_NAME } from '../../constants';
+import { and } from './guard-utils';
+
+const PRISMA_ERROR_MAPPING: Record<string, ServerErrorCode> = {
+    P2002: ServerErrorCode.UNIQUE_CONSTRAINT_VIOLATION,
+    P2003: ServerErrorCode.REFERENCE_CONSTRAINT_VIOLATION,
+    P2025: ServerErrorCode.REFERENCE_CONSTRAINT_VIOLATION,
+};
+
+export default class DataHandler<DbClient> implements RequestHandler {
+    private readonly queryProcessor: QueryProcessor;
+
+    constructor(
+        private readonly service: Service<DbClient>,
+        private readonly options: RequestHandlerOptions
+    ) {
+        this.queryProcessor = new QueryProcessor(service);
+    }
+
+    async handle(req: NextApiRequest, res: NextApiResponse, path: string[]) {
+        const [model, id] = path;
+        const method = req.method;
+
+        const context = { user: await this.options.getServerUser(req, res) };
+
+        try {
+            switch (method) {
+                case 'GET':
+                    await this.get(req, res, model, id, context);
+                    break;
+
+                case 'POST':
+                    await this.post(req, res, model, context);
+                    break;
+
+                case 'PUT':
+                    await this.put(req, res, model, id, context);
+                    break;
+
+                case 'DELETE':
+                    await this.del(req, res, model, id, context);
+                    break;
+
+                default:
+                    console.warn(`Unhandled method: ${method}`);
+                    res.status(200).send({});
+                    break;
+            }
+        } catch (err: any) {
+            console.log(`Error handling ${method} ${model}: ${err}`);
+            if (err instanceof RequestHandlerError) {
+                switch (err.code) {
+                    case ServerErrorCode.DENIED_BY_POLICY:
+                        res.status(403).send({
+                            code: err.code,
+                            message: err.message,
+                        });
+                        break;
+                    case ServerErrorCode.ENTITY_NOT_FOUND:
+                        res.status(404).send({
+                            code: err.code,
+                            message: err.message,
+                        });
+                        break;
+                    default:
+                        res.status(400).send({
+                            code: err.code,
+                            message: err.message,
+                        });
+                }
+            } else if (err.code) {
+                if (PRISMA_ERROR_MAPPING[err.code]) {
+                    res.status(400).send({
+                        code: PRISMA_ERROR_MAPPING[err.code],
+                        message: 'database access error',
+                    });
+                } else {
+                    res.status(400).send({
+                        code: 'PRISMA:' + err.code,
+                        message: 'an unhandled Prisma error occurred',
+                    });
+                }
+            } else {
+                console.error(
+                    `An unknown error occurred: ${JSON.stringify(err)}`
+                );
+                res.status(500).send({ error: ServerErrorCode.UNKNOWN });
+            }
+        }
+    }
+
+    private async get(
+        req: NextApiRequest,
+        res: NextApiResponse,
+        model: string,
+        id: string,
+        context: QueryContext
+    ) {
+        const db = (this.service.db as any)[model];
+        const args = req.query.q ? JSON.parse(req.query.q as string) : {};
+        const processedArgs = await this.queryProcessor.processQueryArgs(
+            model,
+            args,
+            'read',
+            context
+        );
+
+        let r;
+        if (id) {
+            if (processedArgs.where) {
+                processedArgs.where = and(processedArgs.where, { id });
+            } else {
+                processedArgs.where = { id };
+            }
+            r = await db.findFirst(processedArgs);
+            if (!r) {
+                throw new RequestHandlerError(
+                    ServerErrorCode.ENTITY_NOT_FOUND,
+                    'not found'
+                );
+            }
+        } else {
+            r = await db.findMany(processedArgs);
+        }
+
+        console.log(`Finding ${model}:\n${JSON.stringify(processedArgs)}`);
+        await this.queryProcessor.postProcess(model, r, 'read', context);
+
+        res.status(200).send(r);
+    }
+
+    private async post(
+        req: NextApiRequest,
+        res: NextApiResponse,
+        model: string,
+        context: QueryContext
+    ) {
+        const args = req.body;
+        if (!args) {
+            throw new RequestHandlerError(
+                ServerErrorCode.INVALID_REQUEST_PARAMS,
+                'body is required'
+            );
+        }
+        if (!args.data) {
+            throw new RequestHandlerError(
+                ServerErrorCode.INVALID_REQUEST_PARAMS,
+                'data field is required'
+            );
+        }
+
+        const db = this.service.db as any;
+        const transactionid = uuid();
+        const { writeArgs, includedModels } =
+            await this.queryProcessor.processQueryArgsForWrite(
+                model,
+                args,
+                'create',
+                context,
+                transactionid
+            );
+
+        const r = await db.$transaction(async (tx: any) => {
+            console.log(`Create ${model}:\n${JSON.stringify(writeArgs)}`);
+            const created = await tx[model].create(writeArgs);
+
+            await this.checkPolicyForIncludedModels(
+                includedModels,
+                transactionid,
+                tx,
+                context
+            );
+
+            const finalResultArgs = {
+                where: { id: created.id },
+                include: args.include,
+                select: args.select,
+            };
+            return await tx[model].findUnique(finalResultArgs);
+        });
+
+        await this.queryProcessor.postProcess(model, r, 'create', context);
+        res.status(201).send(r);
+    }
+
+    private async checkPolicyForIncludedModels(
+        includedModels: Set<string>,
+        transactionId: string,
+        transaction: any,
+        context: QueryContext
+    ) {
+        const modelChecks = Array.from(includedModels).map(
+            async (modelToCheck) => {
+                for (const operation of ['create', 'update', 'delete']) {
+                    const queryArgs = {
+                        where: {
+                            [TRANSACTION_FIELD_NAME]: `${transactionId}:${operation}`,
+                        },
+                    };
+                    const fullCount = await transaction[modelToCheck].count(
+                        queryArgs
+                    );
+
+                    if (fullCount > 0) {
+                        const processedQueryArgs =
+                            await this.queryProcessor.processQueryArgs(
+                                modelToCheck,
+                                queryArgs,
+                                operation as PolicyOperationKind,
+                                context
+                            );
+                        console.log(
+                            `Counting ${operation} ${modelToCheck}:\n${JSON.stringify(
+                                processedQueryArgs
+                            )}`
+                        );
+                        const filteredCount = await transaction[
+                            modelToCheck
+                        ].count(processedQueryArgs);
+
+                        if (fullCount !== filteredCount) {
+                            console.log(
+                                `Model ${modelToCheck}: filtered count ${filteredCount} mismatch full count ${fullCount}, transactionId: ${transactionId}`
+                            );
+                            throw new RequestHandlerError(
+                                ServerErrorCode.DENIED_BY_POLICY,
+                                'denied by policy'
+                            );
+                        }
+                    }
+
+                    if (operation === 'delete' && fullCount > 0) {
+                        // delete was converted to update during preprocessing, we need to proceed with it now
+                        const deleteArgs = {
+                            where: {
+                                [TRANSACTION_FIELD_NAME]: `${transactionId}:delete`,
+                            },
+                        };
+                        console.log(
+                            `Deleting nested entities for ${modelToCheck}:\n${JSON.stringify(
+                                deleteArgs
+                            )}`
+                        );
+                        await transaction[modelToCheck].deleteMany(deleteArgs);
+                    }
+                }
+            }
+        );
+
+        await Promise.all(modelChecks);
+    }
+
+    private async put(
+        req: NextApiRequest,
+        res: NextApiResponse,
+        model: string,
+        id: string,
+        context: QueryContext
+    ) {
+        if (!id) {
+            throw new RequestHandlerError(
+                ServerErrorCode.INVALID_REQUEST_PARAMS,
+                'missing "id" parameter'
+            );
+        }
+
+        // ensure entity passes policy check
+        await this.ensureEntityPolicy(id, model, 'update', context);
+
+        const args = req.body;
+        if (!args) {
+            throw new RequestHandlerError(
+                ServerErrorCode.INVALID_REQUEST_PARAMS,
+                'body is required'
+            );
+        }
+
+        const db = this.service.db as any;
+        const transactionid = uuid();
+        args.where = { ...args.where, id };
+
+        const { preWriteGuard, writeArgs, includedModels } =
+            await this.queryProcessor.processQueryArgsForWrite(
+                model,
+                args,
+                'update',
+                context,
+                transactionid
+            );
+
+        // make sure target matches policy before update
+        console.log(
+            `Finding pre-write record:\n${JSON.stringify(preWriteGuard)}`
+        );
+        let preUpdate = await db[model].findFirst(preWriteGuard);
+        if (preUpdate) {
+            // run post processing to see if any field is deleted, if so, reject
+            const deleted = await this.queryProcessor.postProcess(
+                model,
+                preUpdate,
+                'update',
+                context
+            );
+            if (deleted) {
+                preUpdate = null;
+            }
+        }
+
+        if (!preUpdate) {
+            console.log(`Pre-write guard check failed`);
+            throw new RequestHandlerError(
+                ServerErrorCode.DENIED_BY_POLICY,
+                'denied by policy before update'
+            );
+        }
+
+        const r = await db.$transaction(async (tx: any) => {
+            console.log(`Update ${model}:\n${JSON.stringify(writeArgs)}`);
+            await tx[model].update(writeArgs);
+
+            await this.checkPolicyForIncludedModels(
+                includedModels,
+                transactionid,
+                tx,
+                context
+            );
+
+            const finalResultArgs = {
+                where: { id },
+                include: args.include,
+                select: args.select,
+            };
+            return await tx[model].findUnique(finalResultArgs);
+        });
+
+        await this.queryProcessor.postProcess(model, r, 'update', context);
+        res.status(200).send(r);
+    }
+
+    private async del(
+        req: NextApiRequest,
+        res: NextApiResponse,
+        model: string,
+        id: string,
+        context: QueryContext
+    ) {
+        if (!id) {
+            throw new RequestHandlerError(
+                ServerErrorCode.INVALID_REQUEST_PARAMS,
+                'missing "id" parameter'
+            );
+        }
+
+        // ensure entity passes policy check
+        await this.ensureEntityPolicy(id, model, 'delete', context);
+
+        const args = req.query.q ? JSON.parse(req.query.q as string) : {};
+
+        // proceed with deleting
+        const delArgs = await this.queryProcessor.processQueryArgs(
+            model,
+            args,
+            'delete',
+            context,
+            false
+        );
+        delArgs.where = { ...delArgs.where, id };
+
+        console.log(`Deleting ${model}:\n${JSON.stringify(delArgs)}`);
+        const db = (this.service.db as any)[model];
+        const r = await db.delete(delArgs);
+        await this.queryProcessor.postProcess(model, r, 'delete', context);
+
+        res.status(200).send(r);
+    }
+
+    private async ensureEntityPolicy(
+        id: string,
+        model: string,
+        operation: PolicyOperationKind,
+        context: QueryContext
+    ) {
+        const db = (this.service.db as any)[model];
+
+        // check if the record is readable concerning "delete" policy
+        const readArgs = await this.queryProcessor.processQueryArgs(
+            model,
+            { where: { id } },
+            operation,
+            context
+        );
+        console.log(
+            `Finding pre-operation ${model}:\n${JSON.stringify(readArgs)}`
+        );
+        const read = await db.findFirst(readArgs);
+        if (!read) {
+            throw new RequestHandlerError(
+                ServerErrorCode.DENIED_BY_POLICY,
+                'denied by policy'
+            );
+        }
+        return read;
+    }
+}