New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@smallstack/api-server
Advanced tools
@smallstack/api-server - npm Package Compare versions
Comparing version 0.3.39 to 0.3.40
@@ -40,9 +40,3 @@ import { APIPaginationParameters, APIParams, APIResponse, CollectionAccessService, ConfigurationService, Type, TypeServiceQuery } from "@smallstack/common"; | ||
| createAPISelector(type: Type, queryName: string, params: APIParams): Promise<RawCursor>; | ||
| protected checkTypesystem(): void; | ||
| /** | ||
| * This method creates the endpoint and should get implemented in the target system (e.g. via http-methods in Meteor) | ||
| */ | ||
| protected abstract registerEndpoint<T>(api: API, executableMethod: (params: APIParams) => Promise<APIResponse<T>>): any; | ||
| protected getUniqueCallbackName(api: API): string; | ||
| protected createAPIError(error: { | ||
| createAPIError(error: { | ||
| message: string; | ||
@@ -55,3 +49,9 @@ title?: string; | ||
| }): APIResponse; | ||
| protected createAPIErrorFromException(error: Error): APIResponse; | ||
| createAPIErrorFromException(error: Error): APIResponse; | ||
| protected checkTypesystem(): void; | ||
| /** | ||
| * This method creates the endpoint and should get implemented in the target system (e.g. via http-methods in Meteor) | ||
| */ | ||
| protected abstract registerEndpoint<T>(api: API, executableMethod: (params: APIParams) => Promise<APIResponse<T>>): any; | ||
| protected getUniqueCallbackName(api: API): string; | ||
| private checkRestfulPermission; | ||
@@ -58,0 +58,0 @@ private getServiceQueryResult; |
@@ -1,2 +0,2 @@ | ||
| !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("@smallstack/common"),require("underscore"),require("@smallstack/user"),require("lodash")):"function"==typeof define&&define.amd?define(["exports","@smallstack/common","underscore","@smallstack/user","lodash"],t):t(e["@smallstack/api-server"]={},e["@smallstack/common"],e._,e["@smallstack/user"],e.lodash)}(this,function(e,D,M,a,k){"use strict";var n,o,i,s,t=function(e,t,r,n){var o,i=arguments.length,s=i<3?t:null===n?n=Object.getOwnPropertyDescriptor(t,r):n;if("object"==typeof Reflect&&"function"==typeof Reflect.decorate)s=Reflect.decorate(e,t,r,n);else for(var a=e.length-1;0<=a;a--)(o=e[a])&&(s=(i<3?o(s):3<i?o(t,r,s):o(t,r))||s);return 3<i&&s&&Object.defineProperty(t,r,s),s},r=function(e,t){if("object"==typeof Reflect&&"function"==typeof Reflect.metadata)return Reflect.metadata(e,t)},c=function(){function e(){}return e.instance=function(){return D.IOC.get("apiService")},e.prototype.getCollection=function(){return this.collectionsService.getCollectionByName("apis")},e.prototype.save=function(t){return this.getCollection().getMongoDBCollection().insert(t.toDocument()).then(function(e){return t._id=e})},e.prototype.update=function(e){var t=e.toDocument();return this.getCollection().getMongoDBCollection().update(t._id,{$set:{path:t.path,contentType:t.contentType,httpMethod:t.httpMethod,headers:t.headers,authorized:t.authorized,type:t.type}})},e.prototype.delete=function(e){return this.getCollection().getMongoDBCollection().remove(e._id)},t([D.Autowired(),r("design:type",Object)],e.prototype,"collectionsService",void 0),t([D.Autowired(),r("design:type",Object)],e.prototype,"dataBridge",void 0),t([D.Autowired(),r("design:type",Object)],e.prototype,"tokenService",void 0),t([D.Autowired(),r("design:type",D.Typesystem)],e.prototype,"typesystem",void 0),t([D.Autowired(),r("design:type",Object)],e.prototype,"httpService",void 0),e}(),u=(n=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)t.hasOwnProperty(r)&&(e[r]=t[r])},function(e,t){function r(){this.constructor=e}n(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)}),p=function(e,t,r,n){var o,i=arguments.length,s=i<3?t:null===n?n=Object.getOwnPropertyDescriptor(t,r):n;if("object"==typeof Reflect&&"function"==typeof Reflect.decorate)s=Reflect.decorate(e,t,r,n);else for(var a=e.length-1;0<=a;a--)(o=e[a])&&(s=(i<3?o(s):3<i?o(t,r,s):o(t,r))||s);return 3<i&&s&&Object.defineProperty(t,r,s),s},l=function(e,t){if("object"==typeof Reflect&&"function"==typeof Reflect.metadata)return Reflect.metadata(e,t)},d=function(i,s,a,c){return new(a||(a=Promise))(function(e,t){function r(e){try{o(c.next(e))}catch(e){t(e)}}function n(e){try{o(c.throw(e))}catch(e){t(e)}}function o(t){t.done?e(t.value):new a(function(e){e(t.value)}).then(r,n)}o((c=c.apply(i,s||[])).next())})},L=function(r,n){var o,i,s,e,a={label:0,sent:function(){if(1&s[0])throw s[1];return s[1]},trys:[],ops:[]};return e={next:t(0),throw:t(1),return:t(2)},"function"==typeof Symbol&&(e[Symbol.iterator]=function(){return this}),e;function t(t){return function(e){return function(t){if(o)throw new TypeError("Generator is already executing.");for(;a;)try{if(o=1,i&&(s=2&t[0]?i.return:t[0]?i.throw||((s=i.return)&&s.call(i),0):i.next)&&!(s=s.call(i,t[1])).done)return s;switch(i=0,s&&(t=[2&t[0],s.value]),t[0]){case 0:case 1:s=t;break;case 4:return a.label++,{value:t[1],done:!1};case 5:a.label++,i=t[1],t=[0];continue;case 7:t=a.ops.pop(),a.trys.pop();continue;default:if(!(s=0<(s=a.trys).length&&s[s.length-1])&&(6===t[0]||2===t[0])){a=0;continue}if(3===t[0]&&(!s||t[1]>s[0]&&t[1]<s[3])){a.label=t[1];break}if(6===t[0]&&a.label<s[1]){a.label=s[1],s=t;break}if(s&&a.label<s[2]){a.label=s[2],a.ops.push(t);break}s[2]&&a.ops.pop(),a.trys.pop();continue}t=n.call(r,a)}catch(e){t=[6,e],i=0}finally{o=s=0}if(5&t[0])throw t[1];return{value:t[0]?t[1]:void 0,done:!0}}([t,e])}}},h=function(t){function e(){var e=null!==t&&t.apply(this,arguments)||this;return e.registeredEndpoints=[],e}return u(e,t),e.prototype.createCallbackEndpoint=function(e,t){D.Logger.debug("APIService","Registering callback endpoint : ",e.toDocument()),this.registerEndpoint(e,t)},e.prototype.getUserId=function(e){if(void 0===e||void 0===e.headers||void 0===e.headers.authorization)throw new Error("No authorization header found! params: "+JSON.stringify(e));if(!this.authService.checkToken(e.headers.authorization))throw new Error("authorization is invalid!");return this.authService.getUserId(e.headers.authorization)},e.prototype.getUser=function(s){var e=this;return new Promise(function(o,i){return d(e,void 0,void 0,function(){var t,r,n;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,2,,3]),t=this.getUserId(s),r=o,[4,this.userService.getUserById({id:t}).getModel(0)];case 1:return r.apply(void 0,[e.sent()]),[3,3];case 2:return n=e.sent(),i(n),[3,3];case 3:return[2]}})})})},e.prototype.getUserGroupIds=function(s){var e=this;return new Promise(function(o,i){return d(e,void 0,void 0,function(){var t,r,n;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,2,,3]),t=this.getUserId(s),r=o,[4,a.UsergroupsCollection.getCollection().getMongoDBCollection().find({userIds:t}).fetch()];case 1:return r.apply(void 0,[e.sent().map(function(e){return e._id})]),[3,3];case 2:return n=e.sent(),i(n),[3,3];case 3:return[2]}})})})},e.prototype.getTotallyOpenCORSHeaders=function(){return{"Access-Control-Allow-Origin":"*","Access-Control-Allow-Methods":"POST,PUT,GET,DELETE,HEAD,OPTIONS","Access-Control-Allow-Headers":"Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range","Access-Control-Expose-Headers":"Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range"}},e.prototype.createAPIClassEndpoint=function(c,u){var e=this;if(void 0===c)throw new Error("Type has to be set when calling apiService.createAPIClassEndpoint!");if(void 0===u)throw new Error("APIClass has to be set when calling apiService.createAPIClassEndpoint!");if(c.service&&c.service.methods instanceof Array)for(var t=function(t){if("http"===t.type&&void 0!==t.api){var e=v.fromDocument(t.api);void 0===e.headers&&(e.headers={}),M.extend(e.headers,r.getTotallyOpenCORSHeaders()),r.registerEndpoint(e,function(e){return(new u)[t.name](e)})}},r=this,n=0,o=c.service.methods;n<o.length;n++){t(o[n])}if(c.hasRestfulAPIEndpoint()){var p=M.find(c.service.queries,function(e){return void 0!==e.restfulAPI}),i=p.restfulAPI.path?p.restfulAPI.path:c.getCollectionName();this.createCallbackEndpoint(v.fromDocument({httpMethod:"POST",path:i}),function(i){return new Promise(function(n,o){return d(e,void 0,void 0,function(){var t,r;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,3,,4]),[4,this.checkRestfulPermission(p,"create",i)];case 1:return e.sent(),t=n,[4,(new u)["create"+c.getModelClassName()](i)];case 2:return[2,t.apply(void 0,[e.sent()])];case 3:return r=e.sent(),o(this.createAPIErrorFromException(r)),[3,4];case 4:return[2]}})})})}),this.createCallbackEndpoint(v.fromDocument({httpMethod:"PUT",path:i+"/:id"}),function(a){return new Promise(function(i,s){return d(e,void 0,void 0,function(){var t,r,n,o;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,3,,4]),[4,this.checkRestfulPermission(p,"update",a)];case 1:return e.sent(),void 0===(t=a.pathParams.id)?[2,s(this.createAPIError({httpCode:"404",message:"No modelId present in path!"}))]:(r=a.data)._id!==t?[2,s(this.createAPIError({httpCode:"406",message:"modelId ("+r._id+") is different to the id present in the path ("+t+")!"}))]:(n=i,[4,(new u)["update"+c.getModelClassName()](a)]);case 2:return[2,n.apply(void 0,[e.sent()])];case 3:return o=e.sent(),s(this.createAPIErrorFromException(o)),[3,4];case 4:return[2]}})})})}),this.createCallbackEndpoint(v.fromDocument({httpMethod:"DELETE",path:i+"/:id"}),function(i){return new Promise(function(n,o){return d(e,void 0,void 0,function(){var t,r;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,3,,4]),[4,this.checkRestfulPermission(p,"update",i)];case 1:return e.sent(),t=n,[4,(new u)["delete"+c.getModelClassName()](i)];case 2:return[2,t.apply(void 0,[e.sent()])];case 3:return r=e.sent(),o(this.createAPIErrorFromException(r)),[3,4];case 4:return[2]}})})})})}},e.prototype.createServiceQueryEndpoint=function(n,o){var e=this;if(void 0===n)throw new Error("Type cannot be undefined when creating a serviceQueryEndpoint!");if(void 0===o)throw new Error("ServiceQuery cannot be undefined when creating a serviceQueryEndpoint!");void 0===o.api.path&&(o.api.path=this.getApiURL(n.getCollectionName(),o.name)),void 0===o.api.httpMethod&&(o.api.httpMethod="GET"),void 0===o.api.headers&&(o.api.headers={}),D.Logger.debug("APIService","Registering service query endpoint for "+n.getServiceName()+" -> "+o.name+" -> "+o.api.httpMethod+" "+o.api.path),M.extend(o.api.headers,this.getTotallyOpenCORSHeaders());var i=v.fromDocument(o.api);i.type="query",this.registerEndpoint(i,function(r){return d(e,void 0,void 0,function(){var t;return L(this,function(e){t=this.getCurrentUrl(i.path,o,r);try{return[2,this.getServiceQueryResult(n,o,r,t)]}catch(e){return D.Logger.debug("APIService","Error while processing models for serviceQueryEndpoint '"+i.path+"': "+JSON.stringify(e)),[2,Promise.reject(e)]}return[2]})})})},e.prototype.createRestfulServiceQueryEndpoint=function(a,c){var e=this,u=c.restfulAPI.path?c.restfulAPI.path:a.getCollectionName();this.createCallbackEndpoint(v.fromDocument({contentType:"application/json",httpMethod:"GET",path:u,type:"restful"}),function(s){return new Promise(function(o,i){return d(e,void 0,void 0,function(){var t,r,n;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,3,,4]),[4,this.checkRestfulPermission(c,"read",s)];case 1:return e.sent(),t=this.getCurrentUrl(u,c,s),r=o,[4,this.getServiceQueryResult(a,c,s,t)];case 2:return[2,r.apply(void 0,[e.sent()])];case 3:return n=e.sent(),D.Logger.debug("APIService","Error while processing models for serviceQueryEndpoint '"+u+"': "+JSON.stringify(n)),i(n),[3,4];case 4:return[2]}})})})}),this.createCallbackEndpoint(v.fromDocument({contentType:"application/json",httpMethod:"GET",path:u+"/:id"}),function(s){return new Promise(function(o,i){return d(e,void 0,void 0,function(){var t,r,n;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,3,,4]),[4,this.checkRestfulPermission(c,"read",s)];case 1:return e.sent(),s.queryParams["filter.id"]=s.pathParams.id,t=this.getCurrentUrl(u,c,s),[4,this.getServiceQueryResult(a,c,s,t)];case 2:return(r=e.sent())&&0!==r.data.length?1!==r.data.length?[2,i(this.createAPIError({httpCode:"409",message:"more than one model found, maybe the API endpoint has a bad configuration!"}))]:(o(r.data[0]),[3,4]):[2,i(this.createAPIError({httpCode:"404",message:"model not found"}))];case 3:return n=e.sent(),i(n),[3,4];case 4:return[2]}})})})})},e.prototype.createPaginationResult=function(e,t,r,n){-1===t.indexOf("http")&&("/"!==t.charAt(0)&&(t="/"+t),t=this.configurationService.get("smallstack.api.url","http://localhost:3000")+t),t.endsWith("?")&&(t=t.substr(0,t.length-1));var o="?";-1!==t.indexOf("?")&&(o="&");var i=this.getPaginationParameters(r),s={meta:{pagination:{baseURL:t,total:n,entriesPerPage:i.entriesPerPage,currentPage:i.currentPage,totalPages:Math.ceil(n/i.entriesPerPage)}},data:e};return n>i.currentPage*i.entriesPerPage&&(s.meta.pagination.nextURL=t+o+"entriesPerPage="+i.entriesPerPage+"¤tPage="+(i.currentPage+1)),1<i.currentPage&&(s.meta.pagination.previousURL=t+o+"entriesPerPage="+i.entriesPerPage+"¤tPage="+(i.currentPage-1)),s},e.prototype.getPaginationParameters=function(e){var t=10,r=1;return e&&e.queryParams&&e.queryParams.entriesPerPage&&(t=parseInt(e.queryParams.entriesPerPage)),e&&e.queryParams&&e.queryParams.currentPage&&(r=parseInt(e.queryParams.currentPage)),{entriesPerPage:t,skip:(r-1)*t,currentPage:r}},e.prototype.getAPIPathPrefix=function(){var e=process.env.SMALLSTACK_API_PREFIX;if(e){if("string"!=typeof e)throw new Error("SMALLSTACK_API_PREFIX has to be typof string!");if("/"!==e.charAt(0))throw new Error("SMALLSTACK_API_PREFIX has to start with a forward slash! (e.g. '/api')");return e.substr(1)}return"api"},e.prototype.getApiURL=function(e,t){return e+"/"+D.Utils.decapitalize(t.replace("get","")).toLowerCase()},e.prototype.getRegisteredAPIEndpoints=function(){return this.registeredEndpoints},e.prototype.createAPISelector=function(T,R,_){var e=this;return new Promise(function(E,O){return d(e,void 0,void 0,function(){var t,r,n,o,i,s,a,c,u,p,l,d,h,f,g,y,m,v,P,A,b,I,C,S,w=this;return L(this,function(e){switch(e.label){case 0:if(e.trys.push([0,11,,12]),!(t=T.getServiceQueryByName(R)))return[2,O("Could not find serviceQuery for type "+T.getModelName()+" and queryName "+R)];r=void 0;try{r=this.getUserId(_)}catch(e){if(t.api&&!0===t.api.authorized)return[2,O(e)]}return(n=void 0)===t.access?[3,2]:[4,this.checkCollectionAccess(t,r,_)];case 1:n=e.sent(),e.label=2;case 2:return t.restfulAPI&&t.restfulAPI.objectPermissionsField?[4,this.getUserGroupIds(_)]:[3,4];case 3:o=e.sent(),i={$or:[]},(s={})[t.restfulAPI.objectPermissionsField+".read.userIds"]=r,(a={})[t.restfulAPI.objectPermissionsField+".read.userGroupIds"]={$in:o},i.$or.push(s),i.$or.push(a),n=void 0!==n?{$and:[n,i]}:i,e.label=4;case 4:if(D.Logger.debug("APIService"," -> AccessSelector",n),c={},void 0!==t.selector&&k.merge(c,t.selector),u=D.TypesystemUtils.extractSelectorParameters(t.selector),p={},M.each(u,function(r){var n;if(_&&_.queryParams&&(n=_.queryParams["filter."+r.name]),D.Logger.debug("APIService","selectorParameterValue: ",n),"string"==typeof n)-1!==r.type.indexOf("[]")?(n=n.split(","),M.each(n,function(e,t){"number"===r.type&&(n[t]=parseFloat(n[t])),"boolean"===r.type&&(n[t]="true"===n[t])})):("number"===r.type&&(n=parseFloat(n)),"boolean"===r.type&&(n="true"===n)),p[r.name]=n;else if(!r.isOptional)return O(w.createAPIError({httpCode:"400",message:"errors.parameter_missing",replacers:{parameterName:r.name}}))}),D.Logger.debug("APIService","casted query parameters: ",p),c=D.TypesystemUtils.filterSelectorParameters(c,p),void 0!==n&&k.merge(c,n),D.Logger.debug("APIService","Executing service query: "+T.getServiceName()+"->"+R,c),l={},"number"==typeof(d=this.getPaginationParameters(_)).entriesPerPage&&0<d.entriesPerPage?l.limit=d.entriesPerPage:"number"==typeof d.entriesPerPage&&0<d.entriesPerPage?l.limit=void 0:l.limit=10,d.currentPage?l.skip=(d.currentPage-1)*l.limit:l.skip=0,_&&_.queryParams&&"string"==typeof _.queryParams.sort&&(h=_.queryParams.sort,D.Logger.debug("APIService","Found sort : "+h+" -> typeof "+typeof h),f=h.startsWith("-")?-1:1,h.startsWith("-")&&(h=h.substr(1)),l.sort=[[h,f]]),l.fields={},void 0!==t.fields&&(l.fields=M.clone(t.fields)),!_||!_.queryParams||void 0===_.queryParams.fields)return[3,10];if(D.Logger.debug("APIService","Found fields : "+_.queryParams.fields),g=_.queryParams.fields.split(","),!t.restfulAPI||!t.restfulAPI.fields)return[3,10];for(m in y=[],t.restfulAPI.fields)y.push(m);v=0,e.label=5;case 5:if(!(v<y.length))return[3,10];if(P=y[v],!t.restfulAPI.fields[P])return[3,9];A=t.restfulAPI.fields[P],b=0,I=g,e.label=6;case 6:return b<I.length?(C=I[b],-1===A.indexOf(C)?[3,8]:[4,this.permissionService.userHasPermission(r,P)]):[3,9];case 7:e.sent()&&(D.Logger.debug("APIService","Adding field : "+C),l.fields[C]=1),e.label=8;case 8:return b++,[3,6];case 9:return v++,[3,5];case 10:return l.transform=null,D.Logger.debug("APIService"," with params: "+JSON.stringify(c)),D.Logger.debug("APIService"," with options: "+JSON.stringify(l)),[2,E({selector:c,options:l})];case 11:return S=e.sent(),[2,O(S)];case 12:return[2]}})})})},e.prototype.checkTypesystem=function(){var t=this;this.typesystem.getAllTypes().forEach(function(e){t.checkType(e)}),this.typesystem.afterTypeAdded(function(e){t.checkType(e)})},e.prototype.getUniqueCallbackName=function(e){return e.path+e.httpMethod},e.prototype.createAPIError=function(e){void 0===e.title&&(e.title="notifications.error.title"),void 0===e.httpCode&&(e.httpCode="500");var t={errors:[{status:e.httpCode,title:e.title,detail:e.message}]};return e.replacers&&(t.meta={i18nReplacers:e.replacers}),t},e.prototype.createAPIErrorFromException=function(e){return{errors:[{status:"500",title:"notifications.error.title",detail:e.message,meta:{error:e}}]}},e.prototype.checkRestfulPermission=function(a,c,u){var e=this;return new Promise(function(i,s){return d(e,void 0,void 0,function(){var t,r,n,o;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,5,,6]),a.restfulAPI?a.restfulAPI.permissions&&a.restfulAPI.permissions[c]?"anonymous"===(t=a.restfulAPI.permissions[c])?[3,2]:(r=this.getUserId(u),D.Logger.debug("APIService","Checking restful api permission '"+t+"' for userId "+r),[4,this.permissionService.userHasPermission(r,t)]):[3,3]:[2,s(this.createAPIError({httpCode:"501",message:"This is not a restful API endpoint: "+a.name+" ["+c+"]!"}))];case 1:if(n=e.sent(),D.Logger.debug("APIService","Result: "+n),!n)return[2,s(this.createAPIError({httpCode:"403",message:"Permission '"+t+"' needed for "+a.name+" ["+c+"]!"}))];e.label=2;case 2:return[3,4];case 3:if(!a.restfulAPI.objectPermissionsField)return[2,s(this.createAPIError({httpCode:"501",message:"No permission found for "+a.name+" ["+c+"]!"}))];i(),e.label=4;case 4:return i(),[3,6];case 5:return o=e.sent(),s(o),[3,6];case 6:return[2]}})})})},e.prototype.getServiceQueryResult=function(e,t,r,n){var o=this;return D.Logger.debug("APIService","getting cursor"),this.getServiceQueryCursor(e,t.name,r).then(function(e){return D.Logger.debug("APIService","getting count"),e.count().then(function(t){return D.Logger.debug("APIService","got "+t+", fetching models"),e.fetch().then(function(e){return D.Logger.debug("APIService","creating pagination"),o.createPaginationResult(e,n,r,t)})})})},e.prototype.getCurrentUrl=function(e,t,r){var n=e+"?",o=D.TypesystemUtils.extractSelectorParameters(t.selector);return M.each(o,function(e){var t=r.queryParams["filter."+e.name];"string"==typeof t&&("number"===e.type&&(t=parseFloat(t)),"boolean"===e.type&&(t="true"===t),n+="&filter."+e.name+"="+t,D.Logger.debug("APIService","Replaced "+e.name+" with "+t+", typeof "+e.type))}),n},e.prototype.checkType=function(t){var r=this;D.Logger.debug("APIService","Checking Type: "+t.getModelName()),t.service&&t.service.queries instanceof Array&&(M.each(t.service.queries,function(e){void 0!==e.api?r.createServiceQueryEndpoint(t,e):void 0!==e.restfulAPI&&r.createRestfulServiceQueryEndpoint(t,e)}),t.service.methods instanceof Array&&M.each(t.service.methods,function(e){if(e.api&&"ddp"===e.type)throw new Error("DDP methods aren't supported anymore!")}))},e.prototype.getServiceQueryCursor=function(t,e,r){var n=this;return this.createAPISelector(t,e,r).then(function(e){return n.collectionsService.getCollectionByName(t.getCollectionName()).getMongoDBCollection().find(e.selector,e.options)})},e.prototype.checkCollectionAccess=function(u,p,l){var e=this;return new Promise(function(a,c){return d(e,void 0,void 0,function(){var t,r,n,o,i,s;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,2,,3]),t=void 0,D.Logger.debug("APIService","Checking access for query: "+u.name),[4,this.collectionAccessService.checkAccess(u,{userId:p,headers:l.headers})];case 1:for(r=e.sent(),D.Logger.debug("APIService"," -> Result",r),n=0,o=r;n<o.length;n++)switch((i=o[n]).type){case"boolean":if(!1===i.value)return[2,c(this.createAPIError({httpCode:"403",message:"Access denied by access rule!"}))];break;case"selector":if(void 0!==t)return[2,c(this.createAPIError({httpCode:"401",message:"Accessor Groups with more than one access method that changes the selector are not supported!"}))];t=i.value;break;default:return[2,c(this.createAPIError({httpCode:"500",message:"Unknown selector access type :"+i.type}))]}return a(t),[3,3];case 2:return s=e.sent(),D.Logger.error("APIService","Error while checking access: "+JSON.stringify(s)+" Stack: "+s.stack),[2,c(this.createAPIErrorFromException(s))];case 3:return[2]}})})})},p([D.Autowired(),l("design:type",Object)],e.prototype,"collectionAccessService",void 0),p([D.Autowired(),l("design:type",Object)],e.prototype,"authService",void 0),p([D.Autowired(),l("design:type",a.UserService)],e.prototype,"userService",void 0),p([D.Autowired(),l("design:type",D.ConfigurationService)],e.prototype,"configurationService",void 0),p([D.Autowired(),l("design:type",a.PermissionService)],e.prototype,"permissionService",void 0),e}(c),f=function(e,t,r,n){var o,i=arguments.length,s=i<3?t:null===n?n=Object.getOwnPropertyDescriptor(t,r):n;if("object"==typeof Reflect&&"function"==typeof Reflect.decorate)s=Reflect.decorate(e,t,r,n);else for(var a=e.length-1;0<=a;a--)(o=e[a])&&(s=(i<3?o(s):3<i?o(t,r,s):o(t,r))||s);return 3<i&&s&&Object.defineProperty(t,r,s),s},g=function(e,t){if("object"==typeof Reflect&&"function"==typeof Reflect.metadata)return Reflect.metadata(e,t)},y=function(){function e(){this.contentType="application/json",this.httpMethod="GET",this.authorized=!1,this.type="manual",this._hasSubDocuments=!1}return e.fromDocument=function(e){if(null==e)throw new Error("doc cannot be undefined/null while calling GeneratedAPI.fromDocument(doc)!");v.validate(e);var t=new v;return void 0!==e._id&&(t._id=e._id),void 0!==e.path&&(t.path=e.path),void 0!==e.contentType&&(t.contentType=e.contentType),void 0!==e.httpMethod&&(t.httpMethod=e.httpMethod),void 0!==e.headers&&(t.headers=e.headers),void 0!==e.authorized&&(t.authorized=e.authorized),void 0!==e.type&&(t.type=e.type),t},e.validate=function(e,t){void 0===t&&(t=!0);var r=D.IOC.get("typeValidator").validateType(v.asType(),e);if(t&&!r.valid)throw new D.ValidationException(r);return r},e.prototype.toDocument=function(){var e={};return e.path=this.path,e.contentType=this.contentType,e.httpMethod=this.httpMethod,e.headers=this.headers,e.authorized=this.authorized,e.type=this.type,this.isStored()&&(e._id=this._id),JSON.parse(JSON.stringify(e))},e.prototype.clone=function(){return v.fromDocument(this.toDocument())},e.prototype.saveSnapshot=function(){this._snapshot=this.toDocument()},e.prototype.restoreSnapshot=function(){if(!this._snapshot)throw new Error("Could not restore snapshot of model since no snapshot was saved before!");M.extend(this,this._snapshot)},e.prototype.hasSubDocuments=function(){return this._hasSubDocuments},e.prototype.isStored=function(){return void 0!==this._id},e.getModelName=function(){return"API"},e.prototype.getModelName=function(){return"API"},e.prototype.getForeignLabel=function(){return this.getModelName()+" ID:"+this._id},e.getModelClass=function(){return D.IOC.get("API")},e.prototype.getModelClass=function(){return D.IOC.get("API")},e.prototype.delete=function(){return h.instance().delete(this)},e.prototype.update=function(){return h.instance().update(this)},e.prototype.save=function(){return h.instance().save(this)},e.asType=function(){return D.Typesystem.instance().getTypeByModelName("API")},e.enums={httpMethod:{GET:"GET",POST:"POST",HEAD:"HEAD",PUT:"PUT",DELETE:"DELETE",OPTIONS:"OPTIONS"},type:{QUERY:"query",METHOD:"method",MANUAL:"manual",RESTFUL:"restful"}},f([D.Autowired(),g("design:type",Object)],e.prototype,"dataBridge",void 0),e}(),m=(o=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)t.hasOwnProperty(r)&&(e[r]=t[r])},function(e,t){function r(){this.constructor=e}o(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)}),v=function(e){function t(){return null!==e&&e.apply(this,arguments)||this}return m(t,e),t}(y),P=(i=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)t.hasOwnProperty(r)&&(e[r]=t[r])},function(e,t){function r(){this.constructor=e}i(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)}),A=function(t){function e(){var e=t.call(this)||this;return e.createMongoDBCollection(),e.applyAllowDenyRules(),e.createIndexes(),e.createPublications(),e}return P(e,t),e.prototype.createPublications=function(){this.dataBridge.isServer()},e.prototype.createMongoDBCollection=function(){this.mongoDBCollection=this.collectionsService.createMongoDBCollection("apis",function(e){return v.fromDocument(e)}),this.collectionsService.registerCollection("apis",this)},e.prototype.applyAllowDenyRules=function(){var e=this.getMongoDBCollectionAllowRules(),t=this.getMongoDBCollectionDenyRules();e&&this.mongoDBCollection.allow(e),t&&this.mongoDBCollection.deny(t)},e.prototype.getMongoDBCollectionAllowRules=function(){},e.prototype.getMongoDBCollectionDenyRules=function(){return{insert:function(e,t){return!1},update:function(e,t,r,n){return!1},remove:function(e,t){return!1}}},e.prototype.getForeignCollection=function(e){},e.prototype.getCollectionName=function(){return e.COLLECTION_NAME},e.getCollection=function(){return D.IOC.get("collectionsService").getCollectionByName(e.COLLECTION_NAME)},e.COLLECTION_NAME="apis",e.queries={},e.expandables={},e}(D.BaseCollection),b=(s=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)t.hasOwnProperty(r)&&(e[r]=t[r])},function(e,t){function r(){this.constructor=e}s(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)}),I=function(e){function t(){return null!==e&&e.apply(this,arguments)||this}return b(t,e),t}(A);function C(t){void 0===t&&(t={createCollections:!0,registerModels:!0,registerServices:!0,registerTypes:!0}),D.IOC.onRegister("typesystem",function(e){!0===t.registerTypes&&e.addType(D.Type.fromDocument({collection:{name:"apis"},service:{name:"APIService",abstract:!0,queries:[]},model:{name:"API",schema:[{name:"path",type:"string"},{name:"contentType",type:"string",defaultValue:"application/json",optional:!0},{name:"httpMethod",type:"string",defaultValue:"GET",allowedValues:["GET","POST","HEAD","PUT","DELETE","OPTIONS"],optional:!0},{name:"headers",type:"StringDictionary",optional:!0},{name:"authorized",type:"boolean",optional:!0,defaultValue:!1},{name:"type",type:"string",allowedValues:["query","method","manual","restful"],optional:!0,defaultValue:"manual"}]},packageName:"@smallstack/api-server"})),!0===t.registerModels&&D.IOC.register("API",v),!0===t.createCollections&&D.IOC.register("apisCollection",new I)})}e.initializeSmallstackApiServerPackage=function(e){void 0===e&&(e={createCollections:!0,registerModels:!0,registerServices:!0,registerTypes:!0}),C(e)},e.initializeAPIType=C,e.API=v,e.GeneratedAPI=y,e.APIService=h,e.ApisCollection=I,Object.defineProperty(e,"__esModule",{value:!0})}); | ||
| !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("@smallstack/common"),require("underscore"),require("@smallstack/user"),require("lodash")):"function"==typeof define&&define.amd?define(["exports","@smallstack/common","underscore","@smallstack/user","lodash"],t):t(e["@smallstack/api-server"]={},e["@smallstack/common"],e._,e["@smallstack/user"],e.lodash)}(this,function(e,D,M,a,k){"use strict";var n,o,i,s,t=function(e,t,r,n){var o,i=arguments.length,s=i<3?t:null===n?n=Object.getOwnPropertyDescriptor(t,r):n;if("object"==typeof Reflect&&"function"==typeof Reflect.decorate)s=Reflect.decorate(e,t,r,n);else for(var a=e.length-1;0<=a;a--)(o=e[a])&&(s=(i<3?o(s):3<i?o(t,r,s):o(t,r))||s);return 3<i&&s&&Object.defineProperty(t,r,s),s},r=function(e,t){if("object"==typeof Reflect&&"function"==typeof Reflect.metadata)return Reflect.metadata(e,t)},c=function(){function e(){}return e.instance=function(){return D.IOC.get("apiService")},e.prototype.getCollection=function(){return this.collectionsService.getCollectionByName("apis")},e.prototype.save=function(t){return this.getCollection().getMongoDBCollection().insert(t.toDocument()).then(function(e){return t._id=e})},e.prototype.update=function(e){var t=e.toDocument();return this.getCollection().getMongoDBCollection().update(t._id,{$set:{path:t.path,contentType:t.contentType,httpMethod:t.httpMethod,headers:t.headers,authorized:t.authorized,type:t.type}})},e.prototype.delete=function(e){return this.getCollection().getMongoDBCollection().remove(e._id)},t([D.Autowired(),r("design:type",Object)],e.prototype,"collectionsService",void 0),t([D.Autowired(),r("design:type",Object)],e.prototype,"dataBridge",void 0),t([D.Autowired(),r("design:type",Object)],e.prototype,"tokenService",void 0),t([D.Autowired(),r("design:type",D.Typesystem)],e.prototype,"typesystem",void 0),t([D.Autowired(),r("design:type",Object)],e.prototype,"httpService",void 0),e}(),u=(n=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)t.hasOwnProperty(r)&&(e[r]=t[r])},function(e,t){function r(){this.constructor=e}n(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)}),p=function(e,t,r,n){var o,i=arguments.length,s=i<3?t:null===n?n=Object.getOwnPropertyDescriptor(t,r):n;if("object"==typeof Reflect&&"function"==typeof Reflect.decorate)s=Reflect.decorate(e,t,r,n);else for(var a=e.length-1;0<=a;a--)(o=e[a])&&(s=(i<3?o(s):3<i?o(t,r,s):o(t,r))||s);return 3<i&&s&&Object.defineProperty(t,r,s),s},l=function(e,t){if("object"==typeof Reflect&&"function"==typeof Reflect.metadata)return Reflect.metadata(e,t)},d=function(i,s,a,c){return new(a||(a=Promise))(function(e,t){function r(e){try{o(c.next(e))}catch(e){t(e)}}function n(e){try{o(c.throw(e))}catch(e){t(e)}}function o(t){t.done?e(t.value):new a(function(e){e(t.value)}).then(r,n)}o((c=c.apply(i,s||[])).next())})},L=function(r,n){var o,i,s,e,a={label:0,sent:function(){if(1&s[0])throw s[1];return s[1]},trys:[],ops:[]};return e={next:t(0),throw:t(1),return:t(2)},"function"==typeof Symbol&&(e[Symbol.iterator]=function(){return this}),e;function t(t){return function(e){return function(t){if(o)throw new TypeError("Generator is already executing.");for(;a;)try{if(o=1,i&&(s=2&t[0]?i.return:t[0]?i.throw||((s=i.return)&&s.call(i),0):i.next)&&!(s=s.call(i,t[1])).done)return s;switch(i=0,s&&(t=[2&t[0],s.value]),t[0]){case 0:case 1:s=t;break;case 4:return a.label++,{value:t[1],done:!1};case 5:a.label++,i=t[1],t=[0];continue;case 7:t=a.ops.pop(),a.trys.pop();continue;default:if(!(s=0<(s=a.trys).length&&s[s.length-1])&&(6===t[0]||2===t[0])){a=0;continue}if(3===t[0]&&(!s||t[1]>s[0]&&t[1]<s[3])){a.label=t[1];break}if(6===t[0]&&a.label<s[1]){a.label=s[1],s=t;break}if(s&&a.label<s[2]){a.label=s[2],a.ops.push(t);break}s[2]&&a.ops.pop(),a.trys.pop();continue}t=n.call(r,a)}catch(e){t=[6,e],i=0}finally{o=s=0}if(5&t[0])throw t[1];return{value:t[0]?t[1]:void 0,done:!0}}([t,e])}}},h=function(t){function e(){var e=null!==t&&t.apply(this,arguments)||this;return e.registeredEndpoints=[],e}return u(e,t),e.prototype.createCallbackEndpoint=function(e,t){D.Logger.debug("APIService","Registering callback endpoint : ",e.toDocument()),this.registerEndpoint(e,t)},e.prototype.getUserId=function(e){if(void 0===e||void 0===e.headers||void 0===e.headers.authorization)throw new Error("No authorization header found! params: "+JSON.stringify(e));if(!this.authService.checkToken(e.headers.authorization))throw new Error("authorization is invalid!");return this.authService.getUserId(e.headers.authorization)},e.prototype.getUser=function(s){var e=this;return new Promise(function(o,i){return d(e,void 0,void 0,function(){var t,r,n;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,2,,3]),t=this.getUserId(s),r=o,[4,this.userService.getUserById({id:t}).getModel(0)];case 1:return r.apply(void 0,[e.sent()]),[3,3];case 2:return n=e.sent(),i(n),[3,3];case 3:return[2]}})})})},e.prototype.getUserGroupIds=function(s){var e=this;return new Promise(function(o,i){return d(e,void 0,void 0,function(){var t,r,n;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,2,,3]),t=this.getUserId(s),r=o,[4,a.UsergroupsCollection.getCollection().getMongoDBCollection().find({userIds:t}).fetch()];case 1:return r.apply(void 0,[e.sent().map(function(e){return e._id})]),[3,3];case 2:return n=e.sent(),i(n),[3,3];case 3:return[2]}})})})},e.prototype.getTotallyOpenCORSHeaders=function(){return{"Access-Control-Allow-Origin":"*","Access-Control-Allow-Methods":"POST,PUT,GET,DELETE,HEAD,OPTIONS","Access-Control-Allow-Headers":"Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range","Access-Control-Expose-Headers":"Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range"}},e.prototype.createAPIClassEndpoint=function(c,u){var e=this;if(void 0===c)throw new Error("Type has to be set when calling apiService.createAPIClassEndpoint!");if(void 0===u)throw new Error("APIClass has to be set when calling apiService.createAPIClassEndpoint!");if(c.service&&c.service.methods instanceof Array)for(var t=function(t){if("http"===t.type&&void 0!==t.api){var e=v.fromDocument(t.api);void 0===e.headers&&(e.headers={}),M.extend(e.headers,r.getTotallyOpenCORSHeaders()),r.registerEndpoint(e,function(e){return(new u)[t.name](e)})}},r=this,n=0,o=c.service.methods;n<o.length;n++){t(o[n])}if(c.hasRestfulAPIEndpoint()){var p=M.find(c.service.queries,function(e){return void 0!==e.restfulAPI}),i=p.restfulAPI.path?p.restfulAPI.path:c.getCollectionName();this.createCallbackEndpoint(v.fromDocument({httpMethod:"POST",path:i}),function(i){return new Promise(function(n,o){return d(e,void 0,void 0,function(){var t,r;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,3,,4]),[4,this.checkRestfulPermission(p,"create",i)];case 1:return e.sent(),t=n,[4,(new u)["create"+c.getModelClassName()](i)];case 2:return[2,t.apply(void 0,[e.sent()])];case 3:return r=e.sent(),o(this.createAPIErrorFromException(r)),[3,4];case 4:return[2]}})})})}),this.createCallbackEndpoint(v.fromDocument({httpMethod:"PUT",path:i+"/:id"}),function(a){return new Promise(function(i,s){return d(e,void 0,void 0,function(){var t,r,n,o;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,3,,4]),[4,this.checkRestfulPermission(p,"update",a)];case 1:return e.sent(),void 0===(t=a.pathParams.id)?[2,s(this.createAPIError({httpCode:"404",message:"No modelId present in path!"}))]:(r=a.data)._id!==t?[2,s(this.createAPIError({httpCode:"406",message:"modelId ("+r._id+") is different to the id present in the path ("+t+")!"}))]:(n=i,[4,(new u)["update"+c.getModelClassName()](a)]);case 2:return[2,n.apply(void 0,[e.sent()])];case 3:return o=e.sent(),s(this.createAPIErrorFromException(o)),[3,4];case 4:return[2]}})})})}),this.createCallbackEndpoint(v.fromDocument({httpMethod:"DELETE",path:i+"/:id"}),function(i){return new Promise(function(n,o){return d(e,void 0,void 0,function(){var t,r;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,3,,4]),[4,this.checkRestfulPermission(p,"update",i)];case 1:return e.sent(),t=n,[4,(new u)["delete"+c.getModelClassName()](i)];case 2:return[2,t.apply(void 0,[e.sent()])];case 3:return r=e.sent(),o(this.createAPIErrorFromException(r)),[3,4];case 4:return[2]}})})})})}},e.prototype.createServiceQueryEndpoint=function(n,o){var e=this;if(void 0===n)throw new Error("Type cannot be undefined when creating a serviceQueryEndpoint!");if(void 0===o)throw new Error("ServiceQuery cannot be undefined when creating a serviceQueryEndpoint!");void 0===o.api.path&&(o.api.path=this.getApiURL(n.getCollectionName(),o.name)),void 0===o.api.httpMethod&&(o.api.httpMethod="GET"),void 0===o.api.headers&&(o.api.headers={}),D.Logger.debug("APIService","Registering service query endpoint for "+n.getServiceName()+" -> "+o.name+" -> "+o.api.httpMethod+" "+o.api.path),M.extend(o.api.headers,this.getTotallyOpenCORSHeaders());var i=v.fromDocument(o.api);i.type="query",this.registerEndpoint(i,function(r){return d(e,void 0,void 0,function(){var t;return L(this,function(e){t=this.getCurrentUrl(i.path,o,r);try{return[2,this.getServiceQueryResult(n,o,r,t)]}catch(e){return D.Logger.debug("APIService","Error while processing models for serviceQueryEndpoint '"+i.path+"': "+JSON.stringify(e)),[2,Promise.reject(e)]}return[2]})})})},e.prototype.createRestfulServiceQueryEndpoint=function(a,c){var e=this,u=c.restfulAPI.path?c.restfulAPI.path:a.getCollectionName();this.createCallbackEndpoint(v.fromDocument({contentType:"application/json",httpMethod:"GET",path:u,type:"restful"}),function(s){return new Promise(function(o,i){return d(e,void 0,void 0,function(){var t,r,n;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,3,,4]),[4,this.checkRestfulPermission(c,"read",s)];case 1:return e.sent(),t=this.getCurrentUrl(u,c,s),r=o,[4,this.getServiceQueryResult(a,c,s,t)];case 2:return[2,r.apply(void 0,[e.sent()])];case 3:return n=e.sent(),D.Logger.debug("APIService","Error while processing models for serviceQueryEndpoint '"+u+"': "+JSON.stringify(n)),i(n),[3,4];case 4:return[2]}})})})}),this.createCallbackEndpoint(v.fromDocument({contentType:"application/json",httpMethod:"GET",path:u+"/:id"}),function(s){return new Promise(function(o,i){return d(e,void 0,void 0,function(){var t,r,n;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,3,,4]),[4,this.checkRestfulPermission(c,"read",s)];case 1:return e.sent(),s.queryParams["filter.id"]=s.pathParams.id,t=this.getCurrentUrl(u,c,s),[4,this.getServiceQueryResult(a,c,s,t)];case 2:return(r=e.sent())&&0!==r.data.length?1!==r.data.length?[2,i(this.createAPIError({httpCode:"409",message:"more than one model found, maybe the API endpoint has a bad configuration!"}))]:(o(r.data[0]),[3,4]):[2,i(this.createAPIError({httpCode:"404",message:"model not found"}))];case 3:return n=e.sent(),i(n),[3,4];case 4:return[2]}})})})})},e.prototype.createPaginationResult=function(e,t,r,n){-1===t.indexOf("http")&&("/"!==t.charAt(0)&&(t="/"+t),t=this.configurationService.get("smallstack.api.url","http://localhost:3000")+t),t.endsWith("?")&&(t=t.substr(0,t.length-1));var o="?";-1!==t.indexOf("?")&&(o="&");var i=this.getPaginationParameters(r),s={meta:{pagination:{baseURL:t,total:n,entriesPerPage:i.entriesPerPage,currentPage:i.currentPage,totalPages:Math.ceil(n/i.entriesPerPage)}},data:e};return n>i.currentPage*i.entriesPerPage&&(s.meta.pagination.nextURL=t+o+"entriesPerPage="+i.entriesPerPage+"¤tPage="+(i.currentPage+1)),1<i.currentPage&&(s.meta.pagination.previousURL=t+o+"entriesPerPage="+i.entriesPerPage+"¤tPage="+(i.currentPage-1)),s},e.prototype.getPaginationParameters=function(e){var t=10,r=1;return e&&e.queryParams&&e.queryParams.entriesPerPage&&(t=parseInt(e.queryParams.entriesPerPage)),e&&e.queryParams&&e.queryParams.currentPage&&(r=parseInt(e.queryParams.currentPage)),{entriesPerPage:t,skip:(r-1)*t,currentPage:r}},e.prototype.getAPIPathPrefix=function(){var e=process.env.SMALLSTACK_API_PREFIX;if(e){if("string"!=typeof e)throw new Error("SMALLSTACK_API_PREFIX has to be typof string!");if("/"!==e.charAt(0))throw new Error("SMALLSTACK_API_PREFIX has to start with a forward slash! (e.g. '/api')");return e.substr(1)}return"api"},e.prototype.getApiURL=function(e,t){return e+"/"+D.Utils.decapitalize(t.replace("get","")).toLowerCase()},e.prototype.getRegisteredAPIEndpoints=function(){return this.registeredEndpoints},e.prototype.createAPISelector=function(T,R,_){var e=this;return new Promise(function(E,O){return d(e,void 0,void 0,function(){var t,r,n,o,i,s,a,c,u,p,l,d,h,f,g,y,m,v,P,A,b,I,C,S,w=this;return L(this,function(e){switch(e.label){case 0:if(e.trys.push([0,11,,12]),!(t=T.getServiceQueryByName(R)))return[2,O("Could not find serviceQuery for type "+T.getModelName()+" and queryName "+R)];r=void 0;try{r=this.getUserId(_)}catch(e){if(t.api&&!0===t.api.authorized)return[2,O(e)]}return(n=void 0)===t.access?[3,2]:[4,this.checkCollectionAccess(t,r,_)];case 1:n=e.sent(),e.label=2;case 2:return t.restfulAPI&&t.restfulAPI.objectPermissionsField?[4,this.getUserGroupIds(_)]:[3,4];case 3:o=e.sent(),i={$or:[]},(s={})[t.restfulAPI.objectPermissionsField+".read.userIds"]=r,(a={})[t.restfulAPI.objectPermissionsField+".read.userGroupIds"]={$in:o},i.$or.push(s),i.$or.push(a),n=void 0!==n?{$and:[n,i]}:i,e.label=4;case 4:if(D.Logger.debug("APIService"," -> AccessSelector",n),c={},void 0!==t.selector&&k.merge(c,t.selector),u=D.TypesystemUtils.extractSelectorParameters(t.selector),p={},M.each(u,function(r){var n;if(_&&_.queryParams&&(n=_.queryParams["filter."+r.name]),D.Logger.debug("APIService","selectorParameterValue: ",n),"string"==typeof n)-1!==r.type.indexOf("[]")?(n=n.split(","),M.each(n,function(e,t){"number"===r.type&&(n[t]=parseFloat(n[t])),"boolean"===r.type&&(n[t]="true"===n[t])})):("number"===r.type&&(n=parseFloat(n)),"boolean"===r.type&&(n="true"===n)),p[r.name]=n;else if(!r.isOptional)return O(w.createAPIError({httpCode:"400",message:"errors.parameter_missing",replacers:{parameterName:r.name}}))}),D.Logger.debug("APIService","casted query parameters: ",p),c=D.TypesystemUtils.filterSelectorParameters(c,p),void 0!==n&&k.merge(c,n),D.Logger.debug("APIService","Executing service query: "+T.getServiceName()+"->"+R,c),l={},"number"==typeof(d=this.getPaginationParameters(_)).entriesPerPage&&0<d.entriesPerPage?l.limit=d.entriesPerPage:"number"==typeof d.entriesPerPage&&0<d.entriesPerPage?l.limit=void 0:l.limit=10,d.currentPage?l.skip=(d.currentPage-1)*l.limit:l.skip=0,_&&_.queryParams&&"string"==typeof _.queryParams.sort&&(h=_.queryParams.sort,D.Logger.debug("APIService","Found sort : "+h+" -> typeof "+typeof h),f=h.startsWith("-")?-1:1,h.startsWith("-")&&(h=h.substr(1)),l.sort=[[h,f]]),l.fields={},void 0!==t.fields&&(l.fields=M.clone(t.fields)),!_||!_.queryParams||void 0===_.queryParams.fields)return[3,10];if(D.Logger.debug("APIService","Found fields : "+_.queryParams.fields),g=_.queryParams.fields.split(","),!t.restfulAPI||!t.restfulAPI.fields)return[3,10];for(m in y=[],t.restfulAPI.fields)y.push(m);v=0,e.label=5;case 5:if(!(v<y.length))return[3,10];if(P=y[v],!t.restfulAPI.fields[P])return[3,9];A=t.restfulAPI.fields[P],b=0,I=g,e.label=6;case 6:return b<I.length?(C=I[b],-1===A.indexOf(C)?[3,8]:[4,this.permissionService.userHasPermission(r,P)]):[3,9];case 7:e.sent()&&(D.Logger.debug("APIService","Adding field : "+C),l.fields[C]=1),e.label=8;case 8:return b++,[3,6];case 9:return v++,[3,5];case 10:return l.transform=null,D.Logger.debug("APIService"," with params: "+JSON.stringify(c)),D.Logger.debug("APIService"," with options: "+JSON.stringify(l)),[2,E({selector:c,options:l})];case 11:return S=e.sent(),[2,O(S)];case 12:return[2]}})})})},e.prototype.createAPIError=function(e){void 0===e.title&&(e.title="notifications.error.title"),void 0===e.httpCode&&(e.httpCode="500");var t={errors:[{status:e.httpCode,title:e.title,detail:e.message}]};return e.replacers&&(t.meta={i18nReplacers:e.replacers}),t},e.prototype.createAPIErrorFromException=function(e){return{errors:[{status:"500",title:"notifications.error.title",detail:e.message,meta:{error:e}}]}},e.prototype.checkTypesystem=function(){var t=this;this.typesystem.getAllTypes().forEach(function(e){t.checkType(e)}),this.typesystem.afterTypeAdded(function(e){t.checkType(e)})},e.prototype.getUniqueCallbackName=function(e){return e.path+e.httpMethod},e.prototype.checkRestfulPermission=function(a,c,u){var e=this;return new Promise(function(i,s){return d(e,void 0,void 0,function(){var t,r,n,o;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,5,,6]),a.restfulAPI?a.restfulAPI.permissions&&a.restfulAPI.permissions[c]?"anonymous"===(t=a.restfulAPI.permissions[c])?[3,2]:(r=this.getUserId(u),D.Logger.debug("APIService","Checking restful api permission '"+t+"' for userId "+r),[4,this.permissionService.userHasPermission(r,t)]):[3,3]:[2,s(this.createAPIError({httpCode:"501",message:"This is not a restful API endpoint: "+a.name+" ["+c+"]!"}))];case 1:if(n=e.sent(),D.Logger.debug("APIService","Result: "+n),!n)return[2,s(this.createAPIError({httpCode:"403",message:"Permission '"+t+"' needed for "+a.name+" ["+c+"]!"}))];e.label=2;case 2:return[3,4];case 3:if(!a.restfulAPI.objectPermissionsField)return[2,s(this.createAPIError({httpCode:"501",message:"No permission found for "+a.name+" ["+c+"]!"}))];i(),e.label=4;case 4:return i(),[3,6];case 5:return o=e.sent(),s(o),[3,6];case 6:return[2]}})})})},e.prototype.getServiceQueryResult=function(e,t,r,n){var o=this;return D.Logger.debug("APIService","getting cursor"),this.getServiceQueryCursor(e,t.name,r).then(function(e){return D.Logger.debug("APIService","getting count"),e.count().then(function(t){return D.Logger.debug("APIService","got "+t+", fetching models"),e.fetch().then(function(e){return D.Logger.debug("APIService","creating pagination"),o.createPaginationResult(e,n,r,t)})})})},e.prototype.getCurrentUrl=function(e,t,r){var n=e+"?",o=D.TypesystemUtils.extractSelectorParameters(t.selector);return M.each(o,function(e){var t=r.queryParams["filter."+e.name];"string"==typeof t&&("number"===e.type&&(t=parseFloat(t)),"boolean"===e.type&&(t="true"===t),n+="&filter."+e.name+"="+t,D.Logger.debug("APIService","Replaced "+e.name+" with "+t+", typeof "+e.type))}),n},e.prototype.checkType=function(t){var r=this;D.Logger.debug("APIService","Checking Type: "+t.getModelName()),t.service&&t.service.queries instanceof Array&&(M.each(t.service.queries,function(e){void 0!==e.api?r.createServiceQueryEndpoint(t,e):void 0!==e.restfulAPI&&r.createRestfulServiceQueryEndpoint(t,e)}),t.service.methods instanceof Array&&M.each(t.service.methods,function(e){if(e.api&&"ddp"===e.type)throw new Error("DDP methods aren't supported anymore!")}))},e.prototype.getServiceQueryCursor=function(t,e,r){var n=this;return this.createAPISelector(t,e,r).then(function(e){return n.collectionsService.getCollectionByName(t.getCollectionName()).getMongoDBCollection().find(e.selector,e.options)})},e.prototype.checkCollectionAccess=function(u,p,l){var e=this;return new Promise(function(a,c){return d(e,void 0,void 0,function(){var t,r,n,o,i,s;return L(this,function(e){switch(e.label){case 0:return e.trys.push([0,2,,3]),t=void 0,D.Logger.debug("APIService","Checking access for query: "+u.name),[4,this.collectionAccessService.checkAccess(u,{userId:p,headers:l.headers})];case 1:for(r=e.sent(),D.Logger.debug("APIService"," -> Result",r),n=0,o=r;n<o.length;n++)switch((i=o[n]).type){case"boolean":if(!1===i.value)return[2,c(this.createAPIError({httpCode:"403",message:"Access denied by access rule!"}))];break;case"selector":if(void 0!==t)return[2,c(this.createAPIError({httpCode:"401",message:"Accessor Groups with more than one access method that changes the selector are not supported!"}))];t=i.value;break;default:return[2,c(this.createAPIError({httpCode:"500",message:"Unknown selector access type :"+i.type}))]}return a(t),[3,3];case 2:return s=e.sent(),D.Logger.error("APIService","Error while checking access: "+JSON.stringify(s)+" Stack: "+s.stack),[2,c(this.createAPIErrorFromException(s))];case 3:return[2]}})})})},p([D.Autowired(),l("design:type",Object)],e.prototype,"collectionAccessService",void 0),p([D.Autowired(),l("design:type",Object)],e.prototype,"authService",void 0),p([D.Autowired(),l("design:type",a.UserService)],e.prototype,"userService",void 0),p([D.Autowired(),l("design:type",D.ConfigurationService)],e.prototype,"configurationService",void 0),p([D.Autowired(),l("design:type",a.PermissionService)],e.prototype,"permissionService",void 0),e}(c),f=function(e,t,r,n){var o,i=arguments.length,s=i<3?t:null===n?n=Object.getOwnPropertyDescriptor(t,r):n;if("object"==typeof Reflect&&"function"==typeof Reflect.decorate)s=Reflect.decorate(e,t,r,n);else for(var a=e.length-1;0<=a;a--)(o=e[a])&&(s=(i<3?o(s):3<i?o(t,r,s):o(t,r))||s);return 3<i&&s&&Object.defineProperty(t,r,s),s},g=function(e,t){if("object"==typeof Reflect&&"function"==typeof Reflect.metadata)return Reflect.metadata(e,t)},y=function(){function e(){this.contentType="application/json",this.httpMethod="GET",this.authorized=!1,this.type="manual",this._hasSubDocuments=!1}return e.fromDocument=function(e){if(null==e)throw new Error("doc cannot be undefined/null while calling GeneratedAPI.fromDocument(doc)!");v.validate(e);var t=new v;return void 0!==e._id&&(t._id=e._id),void 0!==e.path&&(t.path=e.path),void 0!==e.contentType&&(t.contentType=e.contentType),void 0!==e.httpMethod&&(t.httpMethod=e.httpMethod),void 0!==e.headers&&(t.headers=e.headers),void 0!==e.authorized&&(t.authorized=e.authorized),void 0!==e.type&&(t.type=e.type),t},e.validate=function(e,t){void 0===t&&(t=!0);var r=D.IOC.get("typeValidator").validateType(v.asType(),e);if(t&&!r.valid)throw new D.ValidationException(r);return r},e.prototype.toDocument=function(){var e={};return e.path=this.path,e.contentType=this.contentType,e.httpMethod=this.httpMethod,e.headers=this.headers,e.authorized=this.authorized,e.type=this.type,this.isStored()&&(e._id=this._id),JSON.parse(JSON.stringify(e))},e.prototype.clone=function(){return v.fromDocument(this.toDocument())},e.prototype.saveSnapshot=function(){this._snapshot=this.toDocument()},e.prototype.restoreSnapshot=function(){if(!this._snapshot)throw new Error("Could not restore snapshot of model since no snapshot was saved before!");M.extend(this,this._snapshot)},e.prototype.hasSubDocuments=function(){return this._hasSubDocuments},e.prototype.isStored=function(){return void 0!==this._id},e.getModelName=function(){return"API"},e.prototype.getModelName=function(){return"API"},e.prototype.getForeignLabel=function(){return this.getModelName()+" ID:"+this._id},e.getModelClass=function(){return D.IOC.get("API")},e.prototype.getModelClass=function(){return D.IOC.get("API")},e.prototype.delete=function(){return h.instance().delete(this)},e.prototype.update=function(){return h.instance().update(this)},e.prototype.save=function(){return h.instance().save(this)},e.asType=function(){return D.Typesystem.instance().getTypeByModelName("API")},e.enums={httpMethod:{GET:"GET",POST:"POST",HEAD:"HEAD",PUT:"PUT",DELETE:"DELETE",OPTIONS:"OPTIONS"},type:{QUERY:"query",METHOD:"method",MANUAL:"manual",RESTFUL:"restful"}},f([D.Autowired(),g("design:type",Object)],e.prototype,"dataBridge",void 0),e}(),m=(o=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)t.hasOwnProperty(r)&&(e[r]=t[r])},function(e,t){function r(){this.constructor=e}o(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)}),v=function(e){function t(){return null!==e&&e.apply(this,arguments)||this}return m(t,e),t}(y),P=(i=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)t.hasOwnProperty(r)&&(e[r]=t[r])},function(e,t){function r(){this.constructor=e}i(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)}),A=function(t){function e(){var e=t.call(this)||this;return e.createMongoDBCollection(),e.applyAllowDenyRules(),e.createIndexes(),e.createPublications(),e}return P(e,t),e.prototype.createPublications=function(){this.dataBridge.isServer()},e.prototype.createMongoDBCollection=function(){this.mongoDBCollection=this.collectionsService.createMongoDBCollection("apis",function(e){return v.fromDocument(e)}),this.collectionsService.registerCollection("apis",this)},e.prototype.applyAllowDenyRules=function(){var e=this.getMongoDBCollectionAllowRules(),t=this.getMongoDBCollectionDenyRules();e&&this.mongoDBCollection.allow(e),t&&this.mongoDBCollection.deny(t)},e.prototype.getMongoDBCollectionAllowRules=function(){},e.prototype.getMongoDBCollectionDenyRules=function(){return{insert:function(e,t){return!1},update:function(e,t,r,n){return!1},remove:function(e,t){return!1}}},e.prototype.getForeignCollection=function(e){},e.prototype.getCollectionName=function(){return e.COLLECTION_NAME},e.getCollection=function(){return D.IOC.get("collectionsService").getCollectionByName(e.COLLECTION_NAME)},e.COLLECTION_NAME="apis",e.queries={},e.expandables={},e}(D.BaseCollection),b=(s=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)t.hasOwnProperty(r)&&(e[r]=t[r])},function(e,t){function r(){this.constructor=e}s(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)}),I=function(e){function t(){return null!==e&&e.apply(this,arguments)||this}return b(t,e),t}(A);function C(t){void 0===t&&(t={createCollections:!0,registerModels:!0,registerServices:!0,registerTypes:!0}),D.IOC.onRegister("typesystem",function(e){!0===t.registerTypes&&e.addType(D.Type.fromDocument({collection:{name:"apis"},service:{name:"APIService",abstract:!0,queries:[]},model:{name:"API",schema:[{name:"path",type:"string"},{name:"contentType",type:"string",defaultValue:"application/json",optional:!0},{name:"httpMethod",type:"string",defaultValue:"GET",allowedValues:["GET","POST","HEAD","PUT","DELETE","OPTIONS"],optional:!0},{name:"headers",type:"StringDictionary",optional:!0},{name:"authorized",type:"boolean",optional:!0,defaultValue:!1},{name:"type",type:"string",allowedValues:["query","method","manual","restful"],optional:!0,defaultValue:"manual"}]},packageName:"@smallstack/api-server"})),!0===t.registerModels&&D.IOC.register("API",v),!0===t.createCollections&&D.IOC.register("apisCollection",new I)})}e.initializeSmallstackApiServerPackage=function(e){void 0===e&&(e={createCollections:!0,registerModels:!0,registerServices:!0,registerTypes:!0}),C(e)},e.initializeAPIType=C,e.API=v,e.GeneratedAPI=y,e.APIService=h,e.ApisCollection=I,Object.defineProperty(e,"__esModule",{value:!0})}); | ||
| //# sourceMappingURL=index.umd.js.map |
| { | ||
| "name": "@smallstack/api-server", | ||
| "version": "0.3.39", | ||
| "version": "0.3.40", | ||
| "description": "API server functionality for smallstack projects", | ||
@@ -5,0 +5,0 @@ "main": "dist/bundle/index.umd.js", |
Sorry, the diff of this file is not supported yet
No alert changes
Worsened metrics
- Total package byte prevSize
- decreased by-0.02%
130112
No dependency changes