zenstack 1.0.0 → 1.0.2

package/packages/internal/src/handler/data/query-processor.ts

@@ -1,504 +0,0 @@
-import deepcopy from 'deepcopy';
-import { TRANSACTION_FIELD_NAME } from '../../constants';
-import {
-    PolicyOperationKind,
-    QueryContext,
-    ServerErrorCode,
-    Service,
-} from '../../types';
-import { RequestHandlerError } from '../types';
-import { and } from './guard-utils';
-
-export class QueryProcessor {
-    constructor(private readonly service: Service) {}
-
-    async processQueryArgsForWrite(
-        model: string,
-        args: any,
-        operation: PolicyOperationKind,
-        context: QueryContext,
-        transactionId: string
-    ) {
-        const preWriteGuard = args ? deepcopy(args) : {};
-        delete preWriteGuard.data;
-        delete preWriteGuard.include;
-        delete preWriteGuard.select;
-
-        if (operation === 'update') {
-            preWriteGuard.select = { id: true };
-            await this.injectSelectForToOneRelation(
-                model,
-                preWriteGuard.select,
-                args.data,
-                operation
-            );
-        }
-
-        await this.processQueryArgs(
-            model,
-            preWriteGuard,
-            operation,
-            context,
-            true
-        );
-
-        const writeArgs = args ? deepcopy(args) : {};
-        delete writeArgs.include;
-        delete writeArgs.select;
-
-        const includedModels = new Set<string>([model]);
-        await this.collectModelsInNestedWrites(
-            model,
-            writeArgs.data,
-            operation,
-            context,
-            includedModels,
-            transactionId
-        );
-
-        return { preWriteGuard, writeArgs, includedModels };
-    }
-
-    async injectSelectForToOneRelation(
-        model: string,
-        select: any,
-        updateData: any,
-        operation: string
-    ) {
-        if (!updateData) {
-            return;
-        }
-        for (const [k, v] of Object.entries(updateData)) {
-            const fieldInfo = await this.service.resolveField(model, k);
-            if (fieldInfo) {
-                if (fieldInfo.isArray) {
-                    select[k] = { select: { ...select?.[k]?.select } };
-                    await this.injectSelectForToOneRelation(
-                        fieldInfo.type,
-                        select[k].select,
-                        (v as any)?.update,
-                        operation
-                    );
-                    if (Object.keys(select[k].select).length === 0) {
-                        delete select[k].select;
-                    }
-                } else {
-                    select[k] = {
-                        select: { ...select?.[k]?.select, id: true },
-                    };
-                    await this.injectSelectForToOneRelation(
-                        fieldInfo.type,
-                        select[k].select,
-                        v,
-                        operation
-                    );
-                }
-            }
-        }
-    }
-
-    private async collectModelsInNestedWrites(
-        model: string,
-        data: any,
-        operation: PolicyOperationKind,
-        context: QueryContext,
-        includedModels: Set<string>,
-        transactionId: string
-    ) {
-        if (!data) {
-            return;
-        }
-
-        const arr = Array.isArray(data) ? data : [data];
-
-        for (const item of arr) {
-            item[TRANSACTION_FIELD_NAME] = transactionId + ':' + operation;
-
-            for (const [k, v] of Object.entries<any>(item)) {
-                if (!v) {
-                    continue;
-                }
-                const fieldInfo = await this.service.resolveField(model, k);
-                if (fieldInfo) {
-                    includedModels.add(fieldInfo.type);
-
-                    for (const [op, payload] of Array.from(
-                        Object.entries<any>(v)
-                    )) {
-                        if (!payload) {
-                            continue;
-                        }
-                        switch (op) {
-                            case 'create':
-                                await this.collectModelsInNestedWrites(
-                                    fieldInfo.type,
-                                    payload,
-                                    'create',
-                                    context,
-                                    includedModels,
-                                    transactionId
-                                );
-                                break;
-
-                            case 'connectOrCreate':
-                                if (payload.create) {
-                                    await this.collectModelsInNestedWrites(
-                                        fieldInfo.type,
-                                        payload.create,
-                                        'create',
-                                        context,
-                                        includedModels,
-                                        transactionId
-                                    );
-                                }
-                                break;
-
-                            case 'upsert':
-                                if (payload.update) {
-                                    await this.collectModelsInNestedWrites(
-                                        fieldInfo.type,
-                                        payload.update,
-                                        'update',
-                                        context,
-                                        includedModels,
-                                        transactionId
-                                    );
-                                }
-                                if (payload.update) {
-                                    await this.collectModelsInNestedWrites(
-                                        fieldInfo.type,
-                                        payload.create,
-                                        'create',
-                                        context,
-                                        includedModels,
-                                        transactionId
-                                    );
-                                }
-                                break;
-
-                            case 'createMany':
-                                if (
-                                    payload.data &&
-                                    typeof payload.data[Symbol.iterator] ===
-                                        'function'
-                                ) {
-                                    for (const item of payload.data) {
-                                        await this.collectModelsInNestedWrites(
-                                            fieldInfo.type,
-                                            item,
-                                            'create',
-                                            context,
-                                            includedModels,
-                                            transactionId
-                                        );
-                                    }
-                                    break;
-                                }
-                                break;
-
-                            case 'update':
-                                if (fieldInfo.isArray) {
-                                    const guard =
-                                        await this.service.buildQueryGuard(
-                                            fieldInfo.type,
-                                            'update',
-                                            context
-                                        );
-
-                                    if (
-                                        guard &&
-                                        Object.keys(guard).length > 0
-                                    ) {
-                                        payload.where = and(
-                                            payload.where,
-                                            guard
-                                        );
-                                        v.updateMany = payload;
-                                        delete v.update;
-                                    }
-
-                                    // to-many updates, data is in 'data' field
-                                    await this.collectModelsInNestedWrites(
-                                        fieldInfo.type,
-                                        payload.data,
-                                        'update',
-                                        context,
-                                        includedModels,
-                                        transactionId
-                                    );
-                                } else {
-                                    // to-one update, payload is data
-                                    await this.collectModelsInNestedWrites(
-                                        fieldInfo.type,
-                                        payload,
-                                        'update',
-                                        context,
-                                        includedModels,
-                                        transactionId
-                                    );
-                                }
-                                break;
-
-                            case 'updateMany': {
-                                const guard =
-                                    await this.service.buildQueryGuard(
-                                        fieldInfo.type,
-                                        'update',
-                                        context
-                                    );
-
-                                if (guard && Object.keys(guard).length > 0) {
-                                    payload.where = and(payload.where, guard);
-                                    v.updateMany = payload;
-                                }
-                                await this.collectModelsInNestedWrites(
-                                    fieldInfo.type,
-                                    payload,
-                                    'update',
-                                    context,
-                                    includedModels,
-                                    transactionId
-                                );
-                                break;
-                            }
-
-                            case 'delete':
-                            case 'deleteMany': {
-                                if (fieldInfo.isArray) {
-                                    v[
-                                        op === 'delete'
-                                            ? 'update'
-                                            : 'updateMany'
-                                    ] = {
-                                        where: payload,
-                                        data: {
-                                            [TRANSACTION_FIELD_NAME]:
-                                                transactionId + ':delete',
-                                        },
-                                    };
-                                } else {
-                                    v[
-                                        op === 'delete'
-                                            ? 'update'
-                                            : 'updateMany'
-                                    ] = {
-                                        [TRANSACTION_FIELD_NAME]:
-                                            transactionId + ':delete',
-                                    };
-                                }
-                                delete v[op];
-                                break;
-                            }
-
-                            case 'connect':
-                                // noop
-                                break;
-
-                            default:
-                                throw new RequestHandlerError(
-                                    ServerErrorCode.INVALID_REQUEST_PARAMS,
-                                    `Unsupported nested operation '${op}'`
-                                );
-                        }
-                    }
-                }
-            }
-        }
-    }
-
-    async processQueryArgs(
-        model: string,
-        args: any,
-        operation: PolicyOperationKind,
-        context: QueryContext,
-        injectWhere: boolean = true
-    ) {
-        const r = args ? deepcopy(args) : {};
-
-        if (injectWhere) {
-            const guard = await this.service.buildQueryGuard(
-                model,
-                operation,
-                context
-            );
-            if (guard) {
-                if (!r.where) {
-                    r.where = guard;
-                } else {
-                    r.where = {
-                        AND: [guard, r.where],
-                    };
-                }
-            }
-        }
-
-        if (r.include || r.select) {
-            if (r.include && r.select) {
-                throw new RequestHandlerError(
-                    ServerErrorCode.INVALID_REQUEST_PARAMS,
-                    'Passing both "include" and "select" at the same level of query is not supported'
-                );
-            }
-
-            // "include" and "select" are mutually exclusive
-            const selector = r.include ? 'include' : 'select';
-            for (const [field, value] of Object.entries(r[selector])) {
-                const fieldInfo = await this.service.resolveField(model, field);
-                if (fieldInfo) {
-                    if (fieldInfo.isArray) {
-                        // note that Prisma only allows to attach filter for "to-many" relation
-                        // query, so we need to handle "to-one" filter separately in post-processing
-                        const fieldGuard = await this.processQueryArgs(
-                            fieldInfo.type,
-                            value === true ? {} : value,
-                            operation,
-                            context
-                        );
-                        r[selector][field] = fieldGuard;
-                    } else {
-                        // make sure "id" field is included so that we can do post-process filtering
-                        if (selector === 'select') {
-                            r[selector].id = true;
-                        }
-                    }
-                }
-            }
-        }
-
-        return r;
-    }
-
-    private async getToOneFieldInfo(
-        model: string,
-        fieldName: string,
-        fieldValue: any
-    ) {
-        if (
-            !fieldValue ||
-            Array.isArray(fieldValue) ||
-            typeof fieldValue !== 'object'
-        ) {
-            return null;
-        }
-
-        const fieldInfo = await this.service.resolveField(model, fieldName);
-        if (!fieldInfo || fieldInfo.isArray) {
-            return null;
-        }
-
-        return fieldInfo;
-    }
-
-    private async collectRelationFields(
-        model: string,
-        data: any,
-        map: Map<string, string[]>
-    ) {
-        for (const [fieldName, fieldValue] of Object.entries(data)) {
-            const val: any = fieldValue;
-            const fieldInfo = await this.getToOneFieldInfo(
-                model,
-                fieldName,
-                fieldValue
-            );
-            if (!fieldInfo) {
-                continue;
-            }
-
-            if (!map.has(fieldInfo.type)) {
-                map.set(fieldInfo.type, []);
-            }
-            map.get(fieldInfo.type)!.push(val.id);
-
-            // recurse into field value
-            this.collectRelationFields(fieldInfo.type, val, map);
-        }
-    }
-
-    private async checkIdsAgainstPolicy(
-        relationFieldMap: Map<string, string[]>,
-        operation: PolicyOperationKind,
-        context: QueryContext
-    ) {
-        const promises = Array.from(relationFieldMap.entries()).map(
-            async ([model, ids]) => {
-                const args = {
-                    select: { id: true },
-                    where: {
-                        id: { in: ids },
-                    },
-                };
-
-                const processedArgs = await this.processQueryArgs(
-                    model,
-                    args,
-                    operation,
-                    context,
-                    true
-                );
-
-                const checkedIds: Array<{ id: string }> = await this.service.db[
-                    model
-                ].findMany(processedArgs);
-                return [model, checkedIds.map((r) => r.id)] as [
-                    string,
-                    string[]
-                ];
-            }
-        );
-        return new Map<string, string[]>(await Promise.all(promises));
-    }
-
-    private async sanitizeData(
-        model: string,
-        data: any,
-        validatedIds: Map<string, string[]>
-    ): Promise<boolean> {
-        let deleted = false;
-        for (const [fieldName, fieldValue] of Object.entries(data)) {
-            const fieldInfo = await this.getToOneFieldInfo(
-                model,
-                fieldName,
-                fieldValue
-            );
-            if (!fieldInfo) {
-                continue;
-            }
-            const fv = fieldValue as { id: string };
-            const valIds = validatedIds.get(fieldInfo.type);
-
-            if (!valIds || !valIds.includes(fv.id)) {
-                console.log(
-                    `Deleting field ${fieldName} from ${model}#${data.id}, because field value #${fv.id} failed policy check`
-                );
-                delete data[fieldName];
-                deleted = true;
-            }
-
-            const r = await this.sanitizeData(
-                fieldInfo.type,
-                fieldValue,
-                validatedIds
-            );
-            deleted = deleted || r;
-        }
-
-        return deleted;
-    }
-
-    async postProcess(
-        model: string,
-        data: any,
-        operation: PolicyOperationKind,
-        context: QueryContext
-    ) {
-        const relationFieldMap = new Map<string, string[]>();
-        await this.collectRelationFields(model, data, relationFieldMap);
-        const validatedIds = await this.checkIdsAgainstPolicy(
-            relationFieldMap,
-            operation,
-            context
-        );
-        return this.sanitizeData(model, data, validatedIds);
-    }
-}

package/packages/internal/src/handler/index.ts

@@ -1 +0,0 @@
-export { default as DataHandler } from './data/handler';

package/packages/internal/src/handler/types.ts

@@ -1,20 +0,0 @@
-import { NextApiRequest, NextApiResponse } from 'next';
-import { ServerErrorCode } from '../types';
-
-export interface RequestHandler {
-    handle(
-        req: NextApiRequest,
-        res: NextApiResponse,
-        path: string[]
-    ): Promise<void>;
-}
-
-export class RequestHandlerError extends Error {
-    constructor(public readonly code: ServerErrorCode, message: string) {
-        super(message);
-    }
-
-    toString() {
-        return `Request handler error: ${this.code}, ${this.message}`;
-    }
-}

package/packages/internal/src/index.ts

@@ -1,3 +0,0 @@
-export * from './types';
-export * from './request-handler';
-export * as request from './request';

package/packages/internal/src/request-handler.ts

@@ -1,27 +0,0 @@
-import { NextApiRequest, NextApiResponse } from 'next';
-import { DataHandler } from './handler';
-import { AuthUser, Service } from './types';
-
-export type RequestHandlerOptions = {
-    getServerUser: (
-        req: NextApiRequest,
-        res: NextApiResponse
-    ) => Promise<AuthUser | undefined>;
-};
-
-export function requestHandler<DbClient>(
-    service: Service<DbClient>,
-    options: RequestHandlerOptions
-) {
-    const dataHandler = new DataHandler<DbClient>(service, options);
-    return async (req: NextApiRequest, res: NextApiResponse) => {
-        const [route, ...rest] = req.query.path as string[];
-        switch (route) {
-            case 'data':
-                return dataHandler.handle(req, res, rest);
-
-            default:
-                res.status(404).json({ error: 'Unknown route: ' + route });
-        }
-    };
-}

package/packages/internal/src/request.ts

@@ -1,101 +0,0 @@
-import useSWR, { useSWRConfig } from 'swr';
-import type { MutatorCallback, MutatorOptions } from 'swr/dist/types';
-
-const fetcher = async (url: string, options?: RequestInit) => {
-    const res = await fetch(url, options);
-    if (!res.ok) {
-        const error: Error & { info?: any; status?: number } = new Error(
-            'An error occurred while fetching the data.'
-        );
-        error.info = await res.json();
-        error.status = res.status;
-        throw error;
-    }
-    return res.json();
-};
-
-function makeUrl(url: string, args: unknown) {
-    return args ? url + `?q=${encodeURIComponent(JSON.stringify(args))}` : url;
-}
-
-export function get<Data, Error = any>(url: string | null, args?: unknown) {
-    return useSWR<Data, Error>(url && makeUrl(url, args), fetcher);
-}
-
-export async function post<Data, Result>(
-    url: string,
-    data: Data,
-    mutate: Mutator
-) {
-    const r: Result = await fetcher(url, {
-        method: 'POST',
-        headers: {
-            'content-type': 'application/json',
-        },
-        body: JSON.stringify(data),
-    });
-    mutate(url, true);
-    return r;
-}
-
-export async function put<Data, Result>(
-    url: string,
-    data: Data,
-    mutate: Mutator
-) {
-    const r: Result = await fetcher(url, {
-        method: 'PUT',
-        headers: {
-            'content-type': 'application/json',
-        },
-        body: JSON.stringify(data),
-    });
-    mutate(url, true);
-    return r;
-}
-
-export async function del<Result>(url: string, args: unknown, mutate: Mutator) {
-    const reqUrl = makeUrl(url, args);
-    const r: Result = await fetcher(reqUrl, {
-        method: 'DELETE',
-    });
-    const path = url.split('/');
-    path.pop();
-    mutate(path.join('/'), true);
-    return r;
-}
-
-type Mutator = (
-    key: string,
-    prefix: boolean,
-    data?: any | Promise<any> | MutatorCallback,
-    opts?: boolean | MutatorOptions
-) => Promise<any[]>;
-
-export function getMutate(): Mutator {
-    // https://swr.vercel.app/docs/advanced/cache#mutate-multiple-keys-from-regex
-    const { cache, mutate } = useSWRConfig();
-    return (
-        key: string,
-        prefix: boolean,
-        data?: any | Promise<any> | MutatorCallback,
-        opts?: boolean | MutatorOptions
-    ) => {
-        if (!prefix) {
-            return mutate(key, data, opts);
-        }
-
-        if (!(cache instanceof Map)) {
-            throw new Error(
-                'mutate requires the cache provider to be a Map instance'
-            );
-        }
-
-        const keys = Array.from(cache.keys()).filter(
-            (k) => typeof k === 'string' && k.startsWith(key)
-        ) as string[];
-        console.log('Mutating keys:', JSON.stringify(keys));
-        const mutations = keys.map((key) => mutate(key, data, opts));
-        return Promise.all(mutations);
-    };
-}

package/packages/internal/src/types.ts

@@ -1,40 +0,0 @@
-export interface DbOperations {
-    findMany(args: any): Promise<any[]>;
-    findFirst(args: any): Promise<any>;
-    create(args: any): Promise<any>;
-    update(args: any): Promise<any>;
-    delete(args: any): Promise<any>;
-}
-
-export type PolicyKind = 'allow' | 'deny';
-
-export type PolicyOperationKind = 'create' | 'update' | 'read' | 'delete';
-
-export type AuthUser = { id: string } & Record<string, any>;
-
-export type QueryContext = {
-    user?: AuthUser;
-};
-
-export type FieldInfo = { type: string; isArray: boolean };
-
-export interface Service<DbClient = any> {
-    get db(): DbClient;
-
-    resolveField(model: string, field: string): Promise<FieldInfo | undefined>;
-
-    buildQueryGuard(
-        model: string,
-        operation: PolicyOperationKind,
-        context: QueryContext
-    ): any;
-}
-
-export enum ServerErrorCode {
-    ENTITY_NOT_FOUND = 'ENTITY_NOT_FOUND',
-    INVALID_REQUEST_PARAMS = 'INVALID_REQUEST_PARAMS',
-    DENIED_BY_POLICY = 'DENIED_BY_POLICY',
-    UNIQUE_CONSTRAINT_VIOLATION = 'UNIQUE_CONSTRAINT_VIOLATION',
-    REFERENCE_CONSTRAINT_VIOLATION = 'REFERENCE_CONSTRAINT_VIOLATION',
-    UNKNOWN = 'UNKNOWN',
-}